Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security
Log4j one year in: Vulnerability fuels attacks — and a new urgency for software supply chain security
The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
W4SP continues to nest in PyPI: Same supply chain attack, different distribution method
Days after researchers for Phylum and Checkmarx revealed an ongoing software supply chain attack spreading the W4SP Stealer malware through malicious packages on the Python Package Index (PyPI), ReversingLabs researchers discovered 10 additional PyPI packages pushing modified versions of W4SP that were overlooked.
ZetaNile: Open source software trojans from North Korea
ReversingLabs Malware Researcher Joseph Edwards takes a deep dive into ZetaNile, a set of open-source software trojans being used by Lazarus/ZINC.
Meta’s GDPR fine: Why your DevOps needs red teaming
GitHub repojacking attack: 10 lessons for software teams
Software supply chain attacks are on the rise because of their reach. Here are 10 valuable lessons from the recent GitHub namespace attack.
Your support must scale: Don’t be like Meta, dev teams
A rash of small businesses on Facebook found their accounts locked after being hacked. And it’s impossible to contact Meta to get the problem fixed.
4 ways GitOps can help secure your software pipeline
GitOps can help control configuration drift and enable your infrastructure security to shift left, for starters. Here are four ways it can enable better software security.
Introducing ReversingLabs Cloud Deep Scan, Protection for Your Cloud File Shares
ReversingLabs Cloud Deep Scan can help organizations quickly identify threats in their AWS file shares and storage. Here are the key features.
The Week in Security: Disguised Russian software used in U.S. Army, CDC applications
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Track this: Apple, Google hit with BIG privacy law claims
Within the space of a few days, both Google and Apple have suffered huge legal challenges.
How to write detailed YARA rules for malware detection
New malware appears or evolves daily, so updating tools like YARA rules for detection is critical. Here's how my research team develops YARA rules.
From the Labs: YARA Rule for Detecting GwisinLocker
ReversingLabs’ YARA detection rule for GwisinLocker can help you find this ransomware in your environment.
The Week in Security: Former Uber CSO convicted over hack cover-up, supply chain attack targets media
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.
Dropbox reveals hack: What DevOps can learn from it
Dropbox was hacked last month. The company has now revealed more details — and there are some big surprises.