Research by ReversingLabs suggests that dependency confusion attacks on npm repositories have been used to compromise German firms - exposing an apparent red team exercise.
Read More about Update: NPM dependency confusion hacks target German firms
The Emotet malware is back just months after a highly publicized take-down. Dragan Damjanovic of KPMG and Dado Horvat, a Senior Threat Analyst at ReversingLabs, talk about how to keep your organization safe.
Read More about Emotet's back. Here's how to keep from getting hacked
The resurgence of the Conti ransomware group in the face of leaks and takedowns is worth paying attention to -and a signal of trouble ahead for enterprises
Read More about Conti pivots as ransomware as a service struggles
Ukrainian organizations have been targeted by hundreds of attacks in recent weeks, including two new examples of destructive wiper malware. We take a closer look at HermeticWiper and IsaacWiper.
Read More about Wiper malware targeting Ukraine: Evidence of planning, and haste
ReversingLabs data shows that attachments that use decades-old scripting languages like XLM and VBA are often malicious. Still, Microsoft’s move to harden Excel and other Office apps may not move the security needle.
Read More about Microsoft disables Excel, Office macros by default. Will it matter?
Almost two weeks after Russian authorities claimed to have dismantled the REvil ransomware group with a string of arrests, evidence for a reduction in the availability of REvil implants has yet to appear.
Read More about After Russian arrests, REvil ransomware implants persist
Read More about Here’s what happened with Log4Shell while you were out
We came into 2021 well aware of the risks ransomware posed. Even that didn’t prepare us for what was to come, as ransomware gangs and nation states launched attacks on critical infrastructure with cyber-physical consequences
Read More about A look back at 2021: The year ransomware took the gloves off
Ransomware may have grabbed most of the headlines, but history will remember 2021 as the year that governments and companies finally woke up to the lurking threat posed by vulnerable software supply chains
Read More about A look back at 2021: The year supply chain threats went mainstream
This blog discusses the process used to find another NPM package that steals saved Chrome browser passwords.
Read More about Groundhog day: NPM package caught stealing browser passwords
Recognizing risks introduced by statically linked third-party libraries
Read More about Third-party code comes with some baggage
They say there’s no such thing as bad press, but getting name recognition for a data breach never feels good. Enter Codecov.
Read More about It only takes one line of code to ruin your day
Relying on legacy functionalities comes with inherent security risks
Read More about Spotting malicious Excel4 macros
One of the core tenets of computer science is code reuse.
Read More about Code Reuse Across Packers and DLL Loaders