Rust finds its mojo: Move forward to memory-safe code

t’s confirmed: The Linux kernel will have Rust support soon.

The Week in Security: Is Lapsus$ back in action?

The famous hacking group Lapsus$ appears to be back in action. Also: Russian cyber spies are targeting Ukraine by posing as internet providers.

White House now requires software adhere to NIST standards

Selling software to the government? You must now attest to conformity with NIST standards. And SBOMs, while not required, are preferred.

Iran-backed APT actors utilize CVEs to carry out cyber attacks on critical infrastructure

The Week in Cybersecurity: U.S. mandates federal agencies use secure third-party software tools

A new U.S. federal government memo mandates the federal use of secure third-party software products and services. Also, Twitter whistleblower Mudge Zatko reveals new details of the company’s security practices (or lack thereof) with Congress.

Why Twitter security sucks: Half of staff has PII access

Peiter “Mudge” Zatko (pictured) was grilled by U.S. senators this week. Twitter’s former head of security has some damning things to say about the service’s DevOps security — or lack of it.

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.

From the Labs: YARA Rule for Detecting GoodWill

ReversingLabs’ YARA detection rule for GoodWill can help you find this ransomware in your environment.

ConversingLabs: Unpacking the Follina exploit

In our latest episode of the ConversingLabs podcast, host Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit with a pretty name, but nasty intentions. 

The Week in Cybersecurity: Vice Society ransomware group targets back-to-school

Vice Society ransomware group targets America’s education sector, the U.S. government’s new position on software supply chain security, and more.

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Here are four key takeaways.

From the Labs: YARA Rule for Detecting Blue Locker

ReversingLabs’ open source YARA detection rule for Blue Locker can help you find this ransomware in your environment.

The SBOM is evolving: 4 key trends boosting software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

From the Labs: YARA Rule for Detecting Acepy

ReversingLabs’ YARA detection rule for Acepy can help you find this ransomware in your environment.

The Week in Cybersecurity: Cyber espionage operation fueled for months by targeted phishing attacks

A China-linked cyber espionage campaign targets critical entities in Australia and the South China Sea, password manager LastPass gets hacked (again), and more