
The Gigabyte firmware backdoor: Lessons learned about supply chain security
Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

ReversingLabs Field CISO Matt Rose explains the difference between application security hacks and software supply chain hacks.

Compiled-code behavior analysis beats old-skool app sec tools.

Your security operations team should be planning how to stay ahead of these emerging AI risks.

ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security

The ReversingLabs research team has identified a novel attack on PyPI using compiled Python code to evade detection — possibly the first attack to take advantage of PYC file direct execution.

Experts warn ChatGPT-based coding could do to us what an asteroid did to the dinosaurs. Hype — or heads-up to reckon with?

Nvidia's tool is among the first to promise to manage the risk from generative AI. Here's what it can do — and an analysis of the scope of risk from AI.

The new Chief Operating Officer at ReversingLabs talks about the challenge of securing software supply chains — and the promise ReversingLabs offers.

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: Application security, cybersecurity, and beyond.

In a recent survey, 300 IT and software pros were asked about the state of software supply chain security. Here are takeaways from a webinar discussion.

John Jackson and his Sakura Samurai crew took India up on an invitation to test the security of government websites and apps. Here are the lessons learned.

The Python repo was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit pause.