Ideas, Observations & Stories in Cybersecurity
Introduction We will move our discussion ahead from our last topic on Ransomware and will go through a ransomware Akira. In the crowded and ever-evolving ransomware landscape, Akira has quickly established itself as one of the most disruptive players. Emerging in March 2023, Akira targets organizations with a double extortion playbook — exfiltrating sensitive data…
Introduction Ransomware has evolved from being a nuisance for individual computer users to one of the most damaging threats to modern organizations.It’s not just about encrypting files anymore — the latest ransomware operations have become full-fledged criminal enterprises, combining data theft, extortion, and public shaming into a single high-pressure attack model. In this blog, we’ll…
Introduction We have discussed in the previous post regarding the introduction, basically Insecure deserialization is a critical vulnerability that often lurks in legacy systems and internal applications. Serialization and deserialization are foundational operations in modern software development, enabling communication between systems, data storage, and object persistence. However, improper use of deserialization—particularly with unsafe serializers like…
In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. We delve deep into the intricacies of insecure deserialization, uncover its potential threats. I will also demonstrate practical…
