CISA: Log4j threat will linger for years—so be prepared
A survey of the post-Log4j landscape found few successful hacks linked to it. The bad news? Log4Shell will linger for years — so you need to prepare.
CISA: Log4j threat will linger for years—so be prepared
The Week in Cybersecurity: Chips hit by 'Retbleed', journalists the chosen target of APTs
A new attack known as ‘Retbleed’ impacts microprocessors, journalists are becoming desirable targets for cybercriminals, and more.
The Week in Cybersecurity: NPM removes malicious modules, Microsoft backtracks on macros
Fallout from another supply chain attack involving malicious npm modules. Also: Microsoft backtracks on a pledge to disable Office macros.
Update: IconBurst npm software supply chain attack grabs data from apps and websites
ReversingLabs researchers have uncovered a widespread campaign to install malicious npm modules that are harvesting sensitive data from forms embedded in mobile apps and websites.
The Week in Cybersecurity: NATO creates cyber rapid response
International relations intersects with cybersecurity, learn how to leverage YARA rules, plus new developments on AstraLocker 2.0.
SBOM Facts: Know what's in your software to fend off supply chain attacks
SBOM Facts: Know what's in your software to fend off supply chain attacks
Smash-and-grab: AstraLocker 2.0 pushes ransomware direct from Office docs
ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.
The Week in Cybersecurity: Austrian hackers-for-hire KNOTWEED serve up Subzero malware
Austrian group KNOTWEED spreads malware via Microsoft products, new malware-infested apps pop up in the Google Play store, and mo
ConversingLabs highlights: RSA Conference spotlights software supply chain, critical infrastructure risk
The RSA Conference brings some of the brightest minds in information security together in one place.
How to build trust in a zero-trust environment: Security leaders share insights
5 CI/CD breaches analyzed: Why you need to update your software security
Omer Gil and Daniel Krivelevich outlined the top CI/CD security risks at RSA Conference 2022. Here's what your software security team needs to know.
Survey finds software supply chain security top of mind for dev teams — but tampering detection lags
A survey of more than 300 technology professionals found widespread concern about supply chain attacks, but only sporadic efforts to detect such attacks.
Taking the quiz: Are you up to speed on supply chain risk?
ReversingLabs delivered a game-show style review of its survey on software supply chain security at RSA Conference. Here are the questions and answers.
MITRE’s System of Trust: A standard for software supply chain security
MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's Robert Martin explains.
What’s hot at #RSAC? Our picks for the big security show
It's two years in, and COVID is still threatening to steal RSA Conference's mojo. But for those willing to brave Moscone in San Francisco (and those attending virtually), you won’t be disappointed. Here are our picks for must-see talks.