Fallout from another supply chain attack involving malicious npm modules. Also: Microsoft backtracks on a pledge to disable Office macros.
Read More about The Week in Cybersecurity: NPM removes malicious modules, Microsoft backtracks on macros
ReversingLabs researchers have uncovered a widespread campaign to install malicious npm modules that are harvesting sensitive data from forms embedded in mobile apps and websites.
Read More about Update: IconBurst npm software supply chain attack grabs data from apps and websites
International relations intersects with cybersecurity, learn how to leverage YARA rules, plus new developments on AstraLocker 2.0.
Read More about The Week in Cybersecurity: NATO creates cyber rapid response
SBOM Facts: Know what's in your software to fend off supply chain attacks
Read More about SBOM Facts: Know what's in your software to fend off supply chain attacks
ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.
Read More about Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs
Austrian group KNOTWEED spreads malware via Microsoft products, new malware-infested apps pop up in the Google Play store, and mo
Read More about The Week in Cybersecurity: Austrian hackers-for-hire KNOTWEED serve up Subzero malware
The RSA Conference brings some of the brightest minds in information security together in one place.
Read More about ConversingLabs highlights: RSA Conference spotlights software supply chain, critical infrastructure risk
Read More about How to build trust in a zero-trust environment: Security leaders share insights
Omer Gil and Daniel Krivelevich outlined the top CI/CD security risks at RSA Conference 2022. Here's what your software security team needs to know.
Read More about 5 CI/CD breaches analyzed: Why you need to update your software security
A survey of more than 300 technology professionals found widespread concern about supply chain attacks, but only sporadic efforts to detect such attacks.
Read More about Survey finds software supply chain security top of mind for dev teams — but tampering detection lags
ReversingLabs delivered a game-show style review of its survey on software supply chain security at RSA Conference. Here are the questions and answers.
Read More about Taking the quiz: Are you up to speed on supply chain risk?
MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's Robert Martin explains.
Read More about MITRE’s System of Trust: A standard for software supply chain security
It's two years in, and COVID is still threatening to steal RSA Conference's mojo. But for those willing to brave Moscone in San Francisco (and those attending virtually), you won’t be disappointed. Here are our picks for must-see talks.
Read More about What’s hot at #RSAC? Our picks for the big security show
The growing number of software supply chain attacks is putting pressure on validation of software integrity and authenticity.
Read More about Go below the surface on tampering: The trouble with software integrity validation
Python packages can contain sensitive information. Here's how software development teams can keep secrets secret
Read More about It’s not a secret if you publish it on PyPI