EU cyber laws ‘will’ make FOSS devs liable
The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).
EU cyber laws ‘will’ make FOSS devs liable
What’s hot at RSA Conference 2023: 6 must-see malware analysis and threat hunting talks
There is so much to take in at RSAC. Cut through the noise with our list of threat-focused talks you don't want to miss.
OSC&R embraces GitHub: Will it move the needle on supply chain security?
Here's what the Open Software Supply Chain Attack Reference (OSC&R) framework move means in the short run — and long term.
The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Has public USB ‘juice jacking’ made it into the wild?
Déjà vu, but carry protection, dev teams traveling with credentials: Public-USB hacks could finally have gone rogue, per the FBI.
Why 'shift left' is now a dirty term in some security circles
Here's why some security practitioners question the term — and what they think app sec teams should focus on instead.
What went wrong with the 3CX software supply chain attack — and how it could have been prevented
Experts break down the incident, and explain how app sec tools are evolving to detect and prevent such attacks.
The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized
Research connects the rise of AI tools and an increase in social engineering attacks. Also: A stolen credentials site is seized.
CISA Cybersecurity Performance Goals update: Key changes and additions
CPGs are now better aligned with NIST's Cybersecurity Framework (CSF), and supply chain goals have been added. MFA guidance is also new.
With Twitter code in the wild, DevSecOps doubts surface
First, Twitter's source code was leaked. Then it open-sourced its ranking algorithm. Should we worry about the unintended consequences of “transparency”?
Docker's BuildKit adds attestation: How it works and key limitations
Here's what you need to know about BuildKit and its Supply Chain Levels for Software Artifacts (SLSA) provenance capabilities for SBOMs.
The 3CX breach was targeted — but the plan was broader
The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.
Integrate threat hunting into SOC triage to mitigate software supply chain risk
Here's how robust threat hunting and malware analysis can enhance your triage process — and help you get a handle on software supply chain security.
Red flags flew over software supply chain-compromised 3CX update
The VOIP software company missed signs that its client had been tampered with before it pushed the update to customers.
The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.