March 30, 2023

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

March 29, 2023

Do you trust AI to find app sec holes while you sleep?

Purr-fect? Or cat-astrophe? Microsoft wants you to cat nap as its Security Copilot combats software security threats.

Read More about Do you trust AI to find app sec holes while you sleep?

Do you trust AI to find app sec holes while you sleep?

March 28, 2023

How bulk pull requests help scale open source bug fixes

Flaws quickly spread across the supply chain. Here's how researchers at Alpha Omega and beyond are automating fixes.

Read More about How bulk pull requests help scale open source bug fixes

How bulk pull requests help scale open source bug fixes

March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

A Visual Studio Code Extensions Marketplace flaw highlights the risk potential. Here's how the VS Code IDE can proliferate to npm.

Read More about VS Code hack shows how supply chain attacks can extend to other software development tools

VS Code hack shows how supply chain attacks can extend to other software development tools

March 24, 2023

From the Labs: YARA Rule for Detecting NB65

ReversingLabs YARA detection rule for NB65 can help you find this ransomware in your environment.

Read More about From the Labs: YARA Rule for Detecting NB65

From the Labs: YARA Rule for Detecting NB65

March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

March 22, 2023

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

The vulnerabilities left the door open to malicious plug-in updates. Here's what you need to know.

Read More about Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

Jenkins patches high-severity XSS vulnerabilities: Lessons learned from CorePlague

March 21, 2023

How to mitigate secrets risk — and prevent future breaches

Software secrets are in the crosshairs of malicious actors. Here are three key steps to mitigate risk — and best practices your team can take to prevent future breaches.

Read More about How to mitigate secrets risk — and prevent future breaches

How to mitigate secrets risk — and prevent future breaches

March 20, 2023

Application security practices are maturing — but it's a work in progress

While best practices adoption for AppSec is up, many supply chain security problems remain, the OpenSSF SLSA framework survey shows.

Read More about Application security practices are maturing — but it's a work in progress

Application security practices are maturing — but it's a work in progress

March 16, 2023

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

March 15, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub just got a little safer, by finally forcing users into two-factor authentication. What took you so long, Microsoft?

Read More about GitHub enforces 2FA — it’s about time (given the state of supply chain security)

GitHub enforces 2FA — it’s about time (given the state of supply chain security)

March 14, 2023

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

ReversingLabs is giving dev and app sec teams something new: broader visibility into software supply chain risks — and data-driven prioritization to automatically suppress third-party secrets and other false positive results.

Read More about Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

Introducing New Secrets Management Capabilities For Mitigating Software Supply Chain Risk

March 13, 2023

Fixing secrets leaks requires holistic software stack protection

The recent hacks at CircleCI and other organizations show that your software supply chain may be a grab bag of software secrets. Only an end-to-end security approach can solve the problem.

Read More about Fixing secrets leaks requires holistic software stack protection

Fixing secrets leaks requires holistic software stack protection

March 13, 2023

When it comes to financial services, mind the gaps in your AppSec testing

Why you need to upgrade to software supply chain security: Adversaries can compromise your organization without comprehensive malware identification.

Read More about When it comes to financial services, mind the gaps in your AppSec testing

When it comes to financial services, mind the gaps in your AppSec testing

March 9, 2023

PyPI repo poisoned with "Colour-Blind" RAT

Here are the key takeaways from the Colour-Blind remote access trojan, with insights from supply chain security experts

Read More about PyPI repo poisoned with "Colour-Blind" RAT

PyPI repo poisoned with "Colour-Blind" RAT