MITRE’s System of Trust: A standard for software supply chain security
MITRE’s System of Trust framework is aiming to standardize how software supply chain security is assessed. MITRE's Robert Martin explains.
MITRE’s System of Trust: A standard for software supply chain security
What’s hot at #RSAC? Our picks for the big security show
It's two years in, and COVID is still threatening to steal RSA Conference's mojo. But for those willing to brave Moscone in San Francisco (and those attending virtually), you won’t be disappointed. Here are our picks for must-see talks.
Go below the surface on tampering: The trouble with software integrity validation
The growing number of software supply chain attacks is putting pressure on validation of software integrity and authenticity.
It’s not a secret if you publish it on PyPI
Python packages can contain sensitive information. Here's how software development teams can keep secrets secret
Coinminer and npm: What you see is not always what you get
Package repository content can be different from source code repository content. Here's what your software team needs to know.
Software supply chain risk demands our attention
Software supply chain attacks are a top concern. But tools for monitoring and stopping them lags. Meet ReversingLabs' new platform: secure.software.
Pandemic paradigm shift: CISOs say remote workforce a game-changer, leading to burnout
Chief Information Security Officers from energy, finance, and retail sectors reflect on new security challenges–and CISO burnout.
From the Labs: YARA Rule for Detecting Malware Wipers
ReversingLabs’ team of threat analysts have released new YARA detection rules for malware wipers discovered targeting Ukraine. We break them down for you here.
Happy anniversary? An assessment of the Cybersecurity EO one year on
One year ago today, the White House released an executive order regarding improving the nation’s cybersecurity (a.k.a. EO 14028). Here's where things stand.
Update: NPM dependency confusion hacks target German firms
Research by ReversingLabs suggests that dependency confusion attacks on npm repositories have been used to compromise German firms - exposing an apparent red team exercise.
Emotet's back. Here's how to keep from getting hacked
The Emotet malware is back just months after a highly publicized take-down. Dragan Damjanovic of KPMG and Dado Horvat, a Senior Threat Analyst at ReversingLabs, talk about how to keep your organization safe.
Conti pivots as ransomware as a service struggles
The resurgence of the Conti ransomware group in the face of leaks and takedowns is worth paying attention to -and a signal of trouble ahead for enterprises
Not all SBOMs Are the Same. Choose Wisely!
The importance of generating SBOM data for responding to newly reported vulnerabilities and software supply chain attacks only grows.
Interview: Tomislav Peričin Explains NIST’s New Secure Software Development Framework
The U.S. is raising the bar for secure software. Listen as ReversingLabs Chief Software Architect talks about what's in NIST's new Secure Software Development Framework guidance and software bills of material (SBOMs), and what they mean for your software development organization.
Wiper malware targeting Ukraine: Evidence of planning, and haste
Ukrainian organizations have been targeted by hundreds of attacks in recent weeks, including two new examples of destructive wiper malware. We take a closer look at HermeticWiper and IsaacWiper.