
New malicious packages in PyPI: What it means for securing open source repositories
After a recent discovery of malicious PyPI packages, questions remain about the security community’s ability to mitigate threats posed to open source repositories.


Cybercriminals are continuing to target medical facilities, Twitter’s alleged lack of cybersecurity measures, and more.


A presentation at the Black Hat Briefings in Las Vegas dug into the “how” of CI/CD compromises. As it turns out, many of the culprits will be familiar to security teams.

The National Vulnerability Database represents a minority of software supply chain threats. With attacks surging, teams must shift focus from vulnerabilities to malware.

Evidence has surfaced of cybercrime’s fast-paced growth in 2022, a new Google Chrome zero-day vulnerability is being exploited, and more.

Few need to be reminded of the fears that the Colonial Pipeline hack caused in May of 2021, in which airlines scrambled to keep their planes fueled for long-haul flights and Americans across the eastern seaboard panic-bought gas in expectation of supply disruptions.

MFA’s shortcomings paved the way for Cisco’s data breach

The National Vulnerability Database does not tell the full story of software risk. Here's why the NVD — and your AppSec approach — needs to be modernized.

There are many problems facing the cybersecurity community today, and they will only get worse before they get better. Despite this bleak view, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs reminded the audience at Black Hat USA 2022 to place their hope in people to have a more secure future.

As the ReversingLabs team embraces the Black Hat USA conference in Las Vegas this week, we wanted to share some exciting news that will be vital to the company’s ongoing growth: Ali Khan has been named ReversingLabs’ first-ever Field CISO.

A new Chinese offensive framework may be abused by threat actors, hackers steal $190 million from Nomad Token Bridge, and more.

Black Hat is set to return next week with two years of pent-up cybersecurity research and discoveries. Here are the talks you don't want to miss.