The Week in Security

June 1, 2023

The Week in Security: Barracuda email flaw left open for months, calls for AI governance turn existential

This week: Barracuda’s appliances had an undetected flaw, which was abused by hackers for months. Also: Could AI bring on an ‘extinction event?’
May 25, 2023

The Week in Security: Lazarus targets Microsoft servers in espionage campaign, the future of PyPI

This week: North Korean APT Lazarus uses Microsoft IIS servers to carry out espionage. Also: What’s the future of PyPI amidst continuing attacks?
May 18, 2023

The Week in Security: Capita AWS bucket exposes benefits data, Toyota leaks customer data on 2M

This week: An unsecured AWS bucket exposed English citizen’s data. Also: A data breach on Toyota leaked the data of more than 2 million customers.
May 11, 2023

The Week in Security: Coalition takes down Russia's Snake espionage tool, GitHub plugs API leaks

U.S. and other countries take down Russia’s Snake malware, used to conduct global espionage. Also: GitHub auto-blocks API key and token leaks for all repos.
May 4, 2023

The Week in Security: SolarWinds hack set off alarms for months before discovery

The DOJ detected the SolarWinds Orion breach six months prior to public disclosure. Also: anxiety, fear, depression - the life of a ransomware criminal.
April 27, 2023

The Week in Security: A possible Colonial Pipeline 2.0, ransomware takes bite out of American eateries

This week: Canadian gas pipeline explosion could have been caused by a cyber attack. Also: Financial services firm NCR hit with a ransomware attack.
April 20, 2023

The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play

This week: One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.
April 13, 2023

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

The attackers behind the 3CX software supply chain attack have been identified as North Korean. Also: CISA aims to shift the cybersecurity burden to tech.
April 6, 2023

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

This week: Research connects the rise of AI tools and an increase in social engineering attacks. Also: A stolen credentials site is seized by the FBI.
March 30, 2023

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

This week: GitHub is issued a subpoena by Twitter over leaked source code. Also: 3CX software supply chain attack leaves millions at risk.
March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.
March 16, 2023

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

A Russian-speaking threat actor has breached several European organizations. Also: AI-created videos on YouTube are spreading infostealer malware.

SUBSCRIBE

Get the Best of the ReversingLabs newsletter delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.

ConversingLabs Cafe: Chris Romeo on the state of application security ConversingLabs Cafe: Chris Romeo on the state of application security
Conversations About Threat Hunting and Software Supply Chain Security
Behaviors & Diffs: Better Together for Software Supply Chain Security Behaviors & Diffs: Better Together for Software Supply Chain Security
Glassboard conversations with ReversingLabs Field CISO Matt Rose
Software Package Deconstruction: Deconstructing UPS Ship Manager Software Package Deconstruction: Deconstructing UPS Ship Manager
Analyzing Risks To Your Software Supply Chain