ReversingLabs

Paul Roberts

Director of Content and Editorial at RL. Paul is a reporter, editor and industry analyst with 20 years’ experience covering the cybersecurity space. He is the founder and editor in chief at The Security Ledger, a cybersecurity news website. His writing about cyber security has appeared in publications including Forbes, The Christian Science Monitor, MIT Technology Review, The Economist Intelligence Unit, CIO Magazine, ZDNet and Fortune Small Business. He has appeared on NPR’s Marketplace Tech Report, KPCC AirTalk, Fox News Tech Take, Al Jazeera and The Oprah Show.

find Paul Roberts on:

Posts from Paul Roberts

September 23, 2022

The pandemic turned out to be a boon for public-private cybersecurity cooperation

The shift to remote work punched holes in government networks. But it also fostered a transformation in public-private cooperation, one NSA official noted at LABScon.

Conversing labs with guest Joseph Edwards

September 8, 2022

ConversingLabs: Unpacking the Follina exploit

In our latest episode of the ConversingLabs podcast, host Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit with a pretty name, but nasty intentions.

September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Here are four key takeaways.

August 22, 2022

To secure your CI/CD pipelines, round up the usual suspects

A presentation at the Black Hat Briefings in Las Vegas dug into the “how” of CI/CD compromises. As it turns out, many of the culprits will be familiar to security teams.

August 12, 2022

Researchers demo flaws in GitHub Copilot AI generated code and warn of AI bias

GitHub updated guidance on using its Copilot AI-powered code bot after researchers demonstrated at Black Hat that it often generates vulnerable code.

August 3, 2022

Software supply chain security takes center stage at Black Hat 2022

software-supply-chain-security-takes-center-stage-at-black-hat-2022

July 21, 2022

The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps

Cozy Bear APT group is using Dropbox and Google drive to cover up attacks, malware is spreading via Google Play Store apps, and more.

Stylized image showing chess pieces on a board with a glowing knight and a bright red background displaying ‘LOG4J’ and a warning symbol. Source code lines appear in the background, symbolizing the ongoing cybersecurity risk posed by the Log4j vulnerability.

July 19, 2022

CISA: Log4j threat will linger for years—so be prepared

A survey of the post-Log4j landscape found few successful hacks linked to it. The bad news? Log4Shell will linger for years — so you need to prepare.

July 8, 2022

The Week in Cybersecurity: NPM removes malicious modules, Microsoft backtracks on macros

Fallout from another supply chain attack involving malicious npm modules. Also: Microsoft backtracks on a pledge to disable Office macros.