BlackCat (ALPHV): What we know about the MGM hack
Ransomware-as-a-service gang ALPHV (a.k.a. BlackCat) carried out a sophisticated attack on the hotel and casino company MGM. Here’s what the ReversingLabs threat team understands.
BlackCat (ALPHV): What we know about the MGM hack
With growing threats to Apple devices, Kandji ramps up
Kandji Director of Threat Intelligence Devin Byrd talks about the growing enterprise threats to macOS and iOS endpoints.
EPSS vs. CVSS: Exploit prediction could move the needle on software risk
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
The art of security chaos engineering
What if dev and app sec teams showed the same ingenuity, nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why that's essential to resilience.
IoT and the supply chain: The road to securing devices
In this episode of ConversingLabs, recorded on the sidelines of Black Hat in Las Vegas, NetRise CEO Thomas Pace talks about supply chain threats to the Internet of Things (IoT).
SANS DevSecOps report: 5 key takeaways
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.
20 application security pros you should follow
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
Lemons and liability: How security warranties could tame the software market
In this ConversingLabs, Daniel Woods shares insights from his research on software warranties and discusses how shifting liability to producers could define the market.
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.
VMConnect supply chain attack continues, evidence points to North Korea
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
10 Hacker Summer Camp speakers to follow year-round
Knowledge sharing with cybersecurity experts doesn't have to stop after Hacker Summer Camp wraps up. Follow these top speakers throughout the year.
The Week in Security: WinRAR exploit targets traders, malicious npm packages go after game devs
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Supply chain security: Is technical debt weighing your team down?
Doing just vulnerability management and piecemeal app sec testing are equivalent to paying only the interest on mounting security technical debt. Where does your organization stand?
Fake Roblox packages target npm with Luna Grabber info-stealing malware
ReversingLabs researchers have identified more than a dozen malicious packages targeting Roblox API users on the npm repository. This latest campaign recalls a 2021 attack.
Risk modeling model exposes supply chain's 'hiddenness of knowledge'
GUAC-ALYTICs will use a new algorithmic engine to model risk across open-source software supply chain interdependencies. Here's what you need to know.