
Update: NPM dependency confusion hacks target German firms
Research by ReversingLabs suggests that dependency confusion attacks on npm repositories have been used to compromise German firms - exposing an apparent red team exercise.

The Emotet malware is back just months after a highly publicized take-down. Dragan Damjanovic of KPMG and Dado Horvat, a Senior Threat Analyst at ReversingLabs, talk about how to keep your organization safe.

The resurgence of the Conti ransomware group in the face of leaks and takedowns is worth paying attention to, and a signal of trouble ahead for enterprises.

The importance of generating SBOM data for responding to newly reported vulnerabilities and software supply chain attacks only grows.

The U.S. is raising the bar for secure software. Listen as ReversingLabs Chief Software Architect talks about what's in NIST's new Secure Software Development Framework guidance and software bills of material (SBOMs), and what they mean for your software development organization.

Ukrainian organizations have been targeted by hundreds of attacks in recent weeks, including two new examples of destructive wiper malware. We take a closer look at HermeticWiper and IsaacWiper.

Early Stage Ransomware Intelligence is crucial to preventing ransomware attacks before they happen.

The government’s standards body issued guidelines for secure development, asking firms selling to the government to implement a software bill of materials.

ReversingLabs data shows that attachments that use decades-old scripting languages like XLM and VBA are often malicious. Still, Microsoft’s move to harden Excel and other Office apps may not move the security needle.

Almost two weeks after Russian authorities claimed to have dismantled the REvil ransomware group with a string of arrests, evidence for a reduction in the availability of REvil implants has yet to appear.


We came into 2021 well aware of the risks ransomware posed. Even that didn’t prepare us for what was to come, as ransomware gangs and nation states launched attacks on critical infrastructure with cyber-physical consequences.

Ransomware may have grabbed most of the headlines, but history will remember 2021 as the year that governments and companies finally woke up to the lurking threat posed by vulnerable software supply chains.

This widespread vulnerability is an object lesson for why software development organizations and their customers should be using SBOMs.

Operationalizing high fidelity threat intelligence can help your organization short circuit emerging ransomware attacks. Here’s how.