Software Supply Chain Security (2)

August 22, 2023

Fake Roblox packages target npm with Luna Grabber info-stealing malware

ReversingLabs identified more than a dozen malicious packages targeting Roblox users on the npm public repository, recalling an attack from 2021.
August 21, 2023

Risk modeling initiative aims to expose the 'hiddenness of knowledge' in the supply chain

GUAC-ALYTICs will model risk across open source software supply chain interdependencies using a new algorithmic engine. Here's what you need to know.
August 17, 2023

The Week in Security: Researchers hack 'unbreakable' card-shuffling hardware, Discord.io shut after breach

This week: Ocean's 1337, anyone? After a popular card shuffling machine was declared secure and unbreakable, security researchers from IOActive decided to take a closer look. What they found may (not) surprise you! Also: a vulnerability could be behind a breach that spilled info on more than 700,000 Discord users.
August 16, 2023

CISA's Secure by Design: Too much, too soon?

Four months after the release of Secure by Design/Secure by Default, CISA's software security initiative is little more than an aspirational exercise.
August 15, 2023

6 things you may have missed at Hacker Summer Camp

Black Hat, DEF CON, and BSides (Hacker Summer Camp) are known for information overload among cybersecurity leaders and practitioners. Here are the sessions that stand out.
August 14, 2023

OWASP researcher: Supply chain attacks show organizations must shift beyond vulnerabilities

Researcher Jeremy Long says organizations need to shift from traditional app sec testing to tools that can remediate malicious threats.
August 10, 2023

The Week in Security: Cloudflare Tunnels abuse ramps up, U.K. voter data exposed

This week: Hackers are increasingly abusing Cloudflare Tunnels for nefarious purposes. Also: Britons' data exposed in an Electoral Commission cyberattack.
August 8, 2023

Do you trust your software? Why verification matters

To manage risk, you need to trust your software — and that requires verification, provided by using modern tools and taking a holistic approach.
August 7, 2023

8 Black Hat sessions you don’t want to miss

Black Hat USA is a showcase for top security experts and companies. Here's our short list of must-see sessions for 2023.
August 3, 2023

VMConnect: Malicious PyPI packages imitate popular open source modules

ReversingLabs threat researchers have identified a new malicious PyPI campaign that includes a suspicious VMConnect package published to the PyPI repo.
August 3, 2023

ReversingLabs @ Hacker Summer Camp: See you there

Every summer, teams congregate in Las Vegas to talk about all things cybersecurity. ReversingLabs has a lot going on. Here’s what we're up to at BSides, Black Hat, and DEF CON.
August 1, 2023

Rust programming language progress report: New threat modeling, tools bolster supply chain security

Here's why the Rust Foundation Security Initiative's audit and resulting new tooling matter for secure coding — and software supply chain security.


Apple Devices as a Growing Attack Vector
Conversations About Threat Hunting and Software Supply Chain Security
ReversingGlass: EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key
Glassboard conversations with ReversingLabs Field CISO Matt Rose