
How abuse.ch evolved into an essential threat hunting platform



An analysis of three in-the-wild payloads delivered using the recently discovered Follina exploit shows how attackers can use it to achieve persistent access in victim environments and turbo-charge efforts to ‘live off the land’ and avoid detection by security monitoring tools.

A survey of the post-Log4j landscape found few successful hacks linked to it. The bad news? Log4Shell will linger for years — so you need to prepare.

A new attack known as ‘Retbleed’ impacts microprocessors, journalists are becoming desirable targets for cybercriminals, and more.

ReversingLabs researchers have uncovered a widespread campaign to install malicious npm modules that are harvesting sensitive data from forms embedded in mobile apps and websites.

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.

The growing number of software supply chain attacks is putting pressure on validation of software integrity and authenticity.

Python packages can contain sensitive information. Here's how software development teams can keep secrets secret.

Package repository content can be different from source code repository content. Here's what your software team needs to know.

ReversingLabs’ team of threat analysts has released new YARA detection rules for malware wipers discovered targeting Ukraine. We break them down for you here.

Research by ReversingLabs suggests that dependency confusion attacks on npm repositories have been used to compromise German firms, exposing an apparent red team exercise.

The Emotet malware is back just months after a highly publicized take-down. Dragan Damjanovic of KPMG and Dado Horvat, a Senior Threat Analyst at ReversingLabs, talk about how to keep your organization safe.

The resurgence of the Conti ransomware group in the face of leaks and takedowns is worth paying attention to, and a signal of trouble ahead for enterprises.

Ukrainian organizations have been targeted by hundreds of attacks in recent weeks, including two new examples of destructive wiper malware. We take a closer look at HermeticWiper and IsaacWiper.