GitHub updated guidance on using its Copilot AI-powered code bot after researchers demonstrated at Black Hat that it often generates vulnerable code.
Read More about Researchers demo flaws in GitHub Copilot AI generated code and warn of AI bias
The National Vulnerability Database does not tell the full story of software risk. Here's why the NVD — and your AppSec approach — needs to be modernized.
Read More about NVD Analysis: Why you need to modernize your application security
There are many problems facing the cybersecurity community today, and they will only get worse before they get better. Despite this bleak view, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs reminded the audience at Black Hat USA 2022 to place their hope in people to have a more secure future.
Read More about The state of cybersecurity: 'Things are going to get worse before they get better,' Krebs tells Black Hat 2022
...
Read More about How to Hunt for Ransomware with Combined PAN XSOAR Integrations
...
Read More about GwisinLocker ransomware targets South Korean industrial and pharma firms
As the ReveringLabs team embraces the Black Hat USA conference in Las Vegas this week, we wanted to share some exciting news that will be vital to the company’s ongoing growth: Ali Khan has been named ReversingLabs’ first-ever Field CISO.
Read More about Ali Khan Named ReversingLabs' First Field CISO
A new Chinese offensive framework may be abused by threat actors, hackers steal $190 million from Nomad Token Bridge, and more.
Read More about The Week in Cybersecurity: Meet Manjusaka, 'the Chinese sibling of Sliver and Cobalt Strike'
Black Hat is set to return next week with two years of pent up cybersecurity research and discoveries. Here are the talks you don't want to miss.
Read More about Buckle up for Black Hat 2022: Sessions your security team should not miss
software-supply-chain-security-takes-center-stage-at-black-hat-2022
Read More about Software supply chain security takes center stage at Black Hat 2022
Here is a run-down of the 10 streams from OpenSSF's Open Source Software Security Mobilization Plan.
Read More about OpenSSF's open source security mobilization initiative: Inside the 10-point action plan
Updates include: Improved static analysis, improved integrations and automation, smoother workflows for a better user experience, and ease of administration.
Read More about New Features for TitaniumScale, version 3.0
An analysis of three in-the-wild payloads delivered using the recently discovered Follina exploit shows how attackers can use it to achieve persistent access in victim environments and turbo-charge efforts to ‘live off the land’ and avoid detection by security monitoring tools.
Read More about Threat analysis: Follina exploit fuels 'live-off-the-land' attacks
Better threat hunting and investigations with flexibility in threat status classifications, reliable dynamic and network analysis, and smoother workflows and maintenance.
Read More about New Features for the A1000, version 6.4
Cozy Bear APT group is using Dropbox and Google drive to cover up attacks, malware is spreading via Google Play Store apps, and more.
Read More about The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps
More than 30 years after the AIDS computer virus spread via infected floppy disks, ransomware has taken the world by storm. But echoes of that first attack can still be heard today.
Read More about Three decades later, ransomware's first act still resonates