June 22, 2023

The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

June 21, 2023

Passkeys standard: Time to add it to your dev plans?

Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?

Read More about Passkeys standard: Time to add it to your dev plans?

Passkeys standard: Time to add it to your dev plans?

June 21, 2023

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.

Read More about MITRE’s System of Trust: A discussion about standardizing software supply chain risk

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

June 20, 2023

How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel

From Indicators to Action: Streamlining Incident Response with Integrated Threat Intelligence in Sentinel

Read More about How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel

How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel

June 20, 2023

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

OWASP is expanding its Top 10 series with a list of large language model vulnerabilities. Here's what AppSec teams need to know.

Read More about OWASP Top 10 for LLM Applications: Can AI risk be tamed?

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

June 16, 2023

From the Labs: YARA Rule for Detecting HermeticRansom

The ReversingLabs YARA detection rule for HermeticRansom can help you find this ransomware in your environment.

Read More about From the Labs: YARA Rule for Detecting HermeticRansom

From the Labs: YARA Rule for Detecting HermeticRansom

June 15, 2023

CISA SBOM-a-rama tackles challenges: 5 key takeaways

CISA hosted SBOM-a-rama on Wednesday to move software bills of material — a list of ingredients for software and services — forward. Here are top takeaways and insights.

Read More about CISA SBOM-a-rama tackles challenges: 5 key takeaways

CISA SBOM-a-rama tackles challenges: 5 key takeaways

June 15, 2023

The Week in Security: Ukraine APT attacks tied to Russia, critical eye placed on AI-generated software

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Ukraine APT attacks tied to Russia, critical eye placed on AI-generated software

The Week in Security: Ukraine APT attacks tied to Russia, critical eye placed on AI-generated software

June 14, 2023

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

ConversingLabs caught up with Srinivasan to discuss how OpenSSF's Security Scorecard can aid developers in assessing open source software components for their projects.

Read More about How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

June 14, 2023

How hackers access secrets

Bad actors are finding secrets across the supply chain. Here are the key attack methods — and what's needed to prevent them.

Read More about How hackers access secrets

How hackers access secrets

June 13, 2023

MOVEit software exploit walks before it runs

Cl0p quietly tested the flaw for two years before launching the full exploit. Lesson: Look both ways before crossing.

Read More about MOVEit software exploit walks before it runs

MOVEit software exploit walks before it runs

June 12, 2023

Self-attestation on software security: What development teams need to know

Software vendors that do business with the government must prove they are practicing basic supply chain security. Here's a rundown on the requirements.

Read More about Self-attestation on software security: What development teams need to know

Self-attestation on software security: What development teams need to know

June 8, 2023

The Gigabyte firmware backdoor: Lessons learned about supply chain security

Firmware attacks can pose a substantial risk to the software supply chain. Here's what your software security team can learn from the latest compromise.

Read More about The Gigabyte firmware backdoor: Lessons learned about supply chain security

The Gigabyte firmware backdoor: Lessons learned about supply chain security

June 8, 2023

The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

The Week in Security: AI hallucinations linked to software supply chain risk, CI fix deemed critical

June 7, 2023

What's the difference between app sec and supply chain security? It's all in the hack

ReversingLabs Field CISO Matt Rose explains the difference between application security hacks and software supply chain hacks.

Read More about What's the difference between app sec and supply chain security? It's all in the hack

What's the difference between app sec and supply chain security? It's all in the hack