SBOM Facts: Know what's in your software to fend off supply chain attacks

SBOM Facts: Know what's in your software to fend off supply chain attacks

Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.

The Week in Cybersecurity: Austrian hackers-for-hire KNOTWEED serve up Subzero malware

Austrian group KNOTWEED spreads malware via Microsoft products, new malware-infested apps pop up in the Google Play store, and mo

ConversingLabs highlights: RSA Conference spotlights software supply chain, critical infrastructure risk

The RSA Conference brings some of the brightest minds in information security together in one place.

How to build trust in a zero-trust environment: Security leaders share insights

5 CI/CD breaches analyzed: Why you need to update your software security

Omer Gil and Daniel Krivelevich outlined the top CI/CD security risks at RSA Conference 2022. Here's what your software security team needs to know.

Survey finds software supply chain security top of mind for dev teams — but tampering detection lags

A survey of more than 300 technology professionals found widespread concern about supply chain attacks, but only sporadic efforts to detect such attacks.

Taking the quiz: Are you up to speed on supply chain risk?

ReversingLabs delivered a game-show style review of its survey on software supply chain security at RSA Conference. Here are the questions and answers.

MITRE’s System of Trust: A standard for software supply chain security

MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's Robert Martin explains.

What’s hot at #RSAC? Our picks for the big security show

It's two years in, and COVID is still threatening to steal RSA Conference's mojo. But for those willing to brave Moscone in San Francisco (and those attending virtually), you won’t be disappointed. Here are our picks for must-see talks.

Go below the surface on tampering: The trouble with software integrity validation

The growing number of software supply chain attacks is putting pressure on validation of software integrity and authenticity.

It’s not a secret if you publish it on PyPI

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret

Coinminer and npm: What you see is not always what you get

Package repository content can be different from source code repository content. Here's what your software team needs to know.

Software supply chain risk demands our attention

Software supply chain attacks are a top concern. But tools for monitoring and stopping them lags. Meet ReversingLabs' new platform: secure.software.

Pandemic paradigm shift: CISOs say remote workforce a game-changer, leading to burnout

Chief Information Security Officers from energy, finance, and retail sectors reflect on new security challenges–and CISO burnout.