The Hidden Threats in Large Language Models A backdoor attack in the context of large language models (LLMs) refers to a type of malicious activity where an adversary intentionally inserts hidden triggers into the model during its training phase. These…
Category: DZone Security Zone
Developing Security-By-Design Across the Zoho Application Suite
Delivering secure application services free from exposed vulnerabilities — without imposing overbearing authentication controls that frustrate users, or draconian code review requirements that inhibit developer innovation — is a challenge as old as the internet itself. Organizations naturally prioritize building…
How Open Source Project Tetragon Is Evolving Security via eBPF
Over the last decade, the eBPF open-source project quietly laid the groundwork for major evolutionary gains in Linux subsystems and how they keep pace with the new world of microservices and distributed applications. Today, that foundation has made possible eBPF…
SBOMs in Action: Securing Your Golden AMIs From Build to Runtime
Golden Amazon Machine Images (AMIs) are the foundation for launching consistent and efficient instances in your AWS cloud environment. Ensuring their security and immutability is paramount. This guide delves into how Software Bill of Materials (SBOMs), cryptographic signing, and runtime…
Penetration Testing for Beginners: A Step-By-Step Guide
In an era where digital transformation is rapidly advancing, the importance of cybersecurity cannot be overstated. One of the essential aspects of maintaining robust security is penetration testing, commonly known as pentesting. This guide aims to provide beginners with a…
Create JWT Using DataWeave JWT Library
Recently in one of my projects, there was a requirement to create JWT within the MuleSoft application and send that as an OAuth token to the backend for authentication. After doing some research, I got to know several ways to…
regreSSHion: Should We Panic About the New OpenSSH Vulnerability?
What Is the regreSSHion Vulnerability (CVE-2024-6387)? regreSSHion is a newly discovered vulnerability in OpenSSH that affects glibc-based Linux systems. regreSSHion (CVE-2024-6387) may allow arbitrary code execution with root privileges on systems with default configurations. Why Is Everyone Worried About the…
How DevSecOps Can Combat Zero-Day Threats
Zero-day threats are becoming more dangerous than ever. Recently, bad actors have taken over the TikTok accounts of celebrities and brands through a zero-day hack. In late May to early June, reports of high-profile TikTok users losing control over their…
Mitigate the Security Challenges of Telecom 5G IoT Microservice Pods Architecture Using Istio
Deploying microservices in a Kubernetes cluster is critical in 5G Telecom. However, it also introduces significant security risks. While firewall rules and proxies provide initial security, the default communication mechanisms within Kubernetes, such as unencrypted network traffic and lack of…
Securing Your Machine Identities Means Better Secrets Management
In 2024, GitGuardian released the State of Secrets Sprawl report. The findings speak for themselves; with over 12.7 million secrets detected in GitHub public repos, it is clear that hard-coded plaintext credentials are a serious problem. Worse yet, it is a…