May 25, 2023

The Week in Security: Lazarus targets Microsoft servers in espionage campaign, the future of PyPI

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: Application security, cybersecurity, and beyond.

Read More about The Week in Security: Lazarus targets Microsoft servers in espionage campaign, the future of PyPI

The Week in Security: Lazarus targets Microsoft servers in espionage campaign, the future of PyPI

May 24, 2023

Practitioners reveal growing concerns about software security

In a recent survey, 300 IT and software pros were asked about the state of software supply chain security. Here are takeaways from a webinar discussion.

Read More about Practitioners reveal growing concerns about software security

Practitioners reveal growing concerns about software security

May 23, 2023

Red teaming a country: Lessons learned from hacking India's government

John Jackson and his Sakura Samurai crew took India up on an invitation to test the security of government websites and apps. Here are the lessons learned.

Read More about Red teaming a country: Lessons learned from hacking India's government

Red teaming a country: Lessons learned from hacking India's government

May 23, 2023

PyPI paused as automated attack overwhelms admins

The Python repo was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit pause.

Read More about PyPI paused as automated attack overwhelms admins

PyPI paused as automated attack overwhelms admins

May 22, 2023

Too costly to fail — and about to get costlier: Why software security matters

The cost of attacks on software supply chains could exceed $80.6B by 2026, a 76% increase over the $45.8B expected in 2023, a market research firm finds.

Read More about Too costly to fail — and about to get costlier: Why software security matters

Too costly to fail — and about to get costlier: Why software security matters

May 18, 2023

RATs found hiding in the npm attic

ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an open source infostealer that lurked on npm for two months before being detected.

Read More about RATs found hiding in the npm attic

RATs found hiding in the npm attic

May 18, 2023

The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M

The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M

May 17, 2023

How to Use Threat Intelligence Indicator Feeds with Microsoft Sentinel

Learn how ReversingLabs threat intelligence indicator feeds can enhance Microsoft Sentinel. Plus, get a free trial of Early Detection of Ransomware for Sentinel.

Read More about How to Use Threat Intelligence Indicator Feeds with Microsoft Sentinel

How to Use Threat Intelligence Indicator Feeds with Microsoft Sentinel

May 17, 2023

Lessons from MSI's UEFI key breach: How safe are the secrets in your software?

Stolen keys allow bootkits to avoid Intel’s “Guard” features. And there’s no way to revoke them.

Read More about Lessons from MSI's UEFI key breach: How safe are the secrets in your software?

Lessons from MSI's UEFI key breach: How safe are the secrets in your software?

May 16, 2023

7 obstacles to success with software bills of materials

The path to success for SBOMs faces many hurdles. Here are key factors that threaten your investments.

Read More about 7 obstacles to success with software bills of materials

7 obstacles to success with software bills of materials

May 12, 2023

Detecting Debugger Evasion: Exception Flooding

Quantum, once a popular ransomware gang, is no longer an active threat. However, ReversingLabs researchers created detection rules for a debugger evasion recently added to the Malware Behavior Catalog as Exception Flooding.

Read More about Detecting Debugger Evasion: Exception Flooding

Detecting Debugger Evasion: Exception Flooding

May 11, 2023

ReversingLabs and Synopsys join forces to combat software supply chain threats

ReversingLabs Software Supply Chain Security will be paired with Synopsys to spot malware and tampering in commercial, third-party, and open-source software.

Read More about ReversingLabs and Synopsys join forces to combat software supply chain threats

ReversingLabs and Synopsys join forces to combat software supply chain threats

May 11, 2023

The Week in Security: Coalition takes down Russia's Snake espionage tool, GitHub plugs API leaks

...

Read More about The Week in Security: Coalition takes down Russia's Snake espionage tool, GitHub plugs API leaks

The Week in Security: Coalition takes down Russia's Snake espionage tool, GitHub plugs API leaks

May 10, 2023

Why fear rules when it comes to software bills of materials

In this ConversingLabs Cafe interview, Josh Corman, founder of I Am The Cavalry, talks about what’s behind industry skepticism around SBOMs.

Read More about Why fear rules when it comes to software bills of materials

Why fear rules when it comes to software bills of materials

May 9, 2023

Red teamers take on AI at DEF CON 31

It takes a village... Researchers play capture the flag to find vulns in tools like ChatGPT — with a White House assist.

Read More about Red teamers take on AI at DEF CON 31

Red teamers take on AI at DEF CON 31