February 23, 2023

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

The Week in Security: U.S. Special Ops Command server exposed emails, phishing campaign hits npm

February 22, 2023

Developers beware: Imposter HTTP libraries lurk on PyPI

ReversingLabs researchers discovered dozens of malicious packages on Python Package Index that mimic popular libraries

Read More about Developers beware: Imposter HTTP libraries lurk on PyPI

Developers beware: Imposter HTTP libraries lurk on PyPI

February 21, 2023

Core-JS: Beware hidden dependencies from indebted Russian developers

This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE

Read More about Core-JS: Beware hidden dependencies from indebted Russian developers

Core-JS: Beware hidden dependencies from indebted Russian developers

February 21, 2023

OSC&R targets software supply chain attacks

Modeled after MITRE ATT&CK, OSC&R aims to improve software supply chain security. Experts share its hits — and misses.

Read More about OSC&R targets software supply chain attacks

OSC&R targets software supply chain attacks

February 17, 2023

From the Labs: YARA Rule for Detecting Lorenz

ReversingLabs’ YARA detection rule for Lorenz can help you find this ransomware in your environment.

Read More about From the Labs: YARA Rule for Detecting Lorenz

From the Labs: YARA Rule for Detecting Lorenz

February 16, 2023

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

The Week in Security: Russian hackers targeted U.S. gas and electric, malicious PyPI packages show prowess

February 15, 2023

Less talk, more action: High hopes for CISA's new C-SCRM office

CISA's C-SCRM turns a page on a busy year for federal software supply chain security directives and guidance. Will it move the needle?

Read More about Less talk, more action: High hopes for CISA's new C-SCRM office

Less talk, more action: High hopes for CISA's new C-SCRM office

February 15, 2023

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development

Read More about Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy

February 14, 2023

SCA is necessary, but AppSec must evolve to tackle software supply chain security

Software teams face growing supply chain complexity and threats. Here's why your application security team needs to go beyond open source and vulnerabilities.

Read More about SCA is necessary, but AppSec must evolve to tackle software supply chain security

SCA is necessary, but AppSec must evolve to tackle software supply chain security

February 14, 2023

Software composition analysis and the evolution of application security

Forrester has assessed that software composition analysis (SCA) has grown into an established market. Here are the highlights for teams tasked with software supply chain security

Read More about Software composition analysis and the evolution of application security

Software composition analysis and the evolution of application security

February 14, 2023

The SCA tools landscape and what it means to software supply chain security

The Forrester Software Composition Analysis Landscape, Q1 2023 report provides a competitive analysis of SCA tools. Here's how they deliver (and miss) on software supply chain security

Read More about The SCA tools landscape and what it means to software supply chain security

The SCA tools landscape and what it means to software supply chain security

February 13, 2023

Why knowing the "ground truth" is key to software security

Software bills of materials (SBOMs) deliver a ground truth for software teams. Here's how they can protect their supply chains.

Read More about Why knowing the "ground truth" is key to software security

Why knowing the "ground truth" is key to software security

February 9, 2023

Open-source repository malware sows Havoc

Aabquerys is a malicious npm package discovered typosquatting on a legitimate module that downloads malicious components

Read More about Open-source repository malware sows Havoc

Open-source repository malware sows Havoc

February 9, 2023

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond.

Read More about The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

The Week in Security: CISA operationalizes software supply chain security, GuLoader targets e-commerce

February 8, 2023

Leaky app gives researcher 'total, global control' over the Toyota supplier network

Researcher Eaton Zveare discloses massive back door in Toyota web app exploiting a JsonWebToken used for authentication

Read More about Leaky app gives researcher 'total, global control' over the Toyota supplier network

Leaky app gives researcher 'total, global control' over the Toyota supplier network