Blog | ReversingLabs (37)

February 2, 2023

The Week in Security: Russia takes aim at Ukraine with Sandworm, the truth about Russia's top search engine

Russia-affiliated Sandworm is using malware strains to attack entities in Ukraine. Also: A massive Yandex code leak reveals the ranking factors of Russia’s search engines.

February 1, 2023

Leverage third-party software validation to bolster your supply chain security

Here's how risks emerge with third-party software, and how third-party software can be validated end-to-end.

January 31, 2023

Google’s Open Source Team Layoffs A Security Risks

Firing ‘the best of the best’ in open source does not bode well for software security. Will the last to leave please turn off the lights?

January 30, 2023

Go beyond Software Bills of Mediocrity

SBOMs could become Software Bills of Mediocrity. But not if we can agree on their value for software supply chain security. Chris Romeo explains.

January 26, 2023

The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

This week: GoTo says its 2022 breach was worse than reported, also affecting LastPass. Also: A hacktivist finds FBI No Fly list on an unsecured server.

January 25, 2023

Lessons from Log4Shell: 4 key takeaways for DevSecOps teams

Top leaders and practitioners from eBay, Fidelity, T-Mobile and Tasktop share lessons from the Log4Shell vulnerability. Here are four key takeaways.

January 24, 2023

Move over, npm: Now VS Code extensions can’t be trusted

It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect. In this week’s Secure Software Blogwatch, we run and hide.

January 23, 2023

AI unleashed: Are you repared for next-gen software supply chain attacks?

ChatGTP and GitHub Copilot seem like a win for developers — under pressure to release new features continuously. But the code produced by generative AI needs serious scrutiny.

January 20, 2023

From the Labs: YARA Rule for Detecting Black Basta

ReversingLabs’ YARA detection rule for Black Basta can help you find this ransomware in your environment.

January 19, 2023

The Week in Security: PyPI hit by ‘Lolip0p’ info-stealing attack, ransomware targets ship fleet

This week: A new software supply chain attack has been discovered on PyPI. Also: A ransomware attack on ship management software impacts 1000 vessels.