Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.
Learn More about Dark Reading: Evolving npm package campaign targets Roblox devs, for years
Your organization runs on commercial software far more than it does open source.
Learn More about Cyber Ranch: What Is In Your Commercial Software? with Sasa Zdjelar
To detect all kinds of software supply chain attacks, software-producing and consuming organizations need to have access to a collection of mature malware intelligence, in addition to complex binary analysis and reproducible builds.
Learn More about Network Computing: How low can you go? The barrier to successful supply chain attacks is dropping
President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward.
Learn More about The Last Watchdog: Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure
GenAI is very much in the mix as a potent X-factor in cybersecurity.
Learn More about The Last Watchdog: MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency
Supply chain security is rapidly emerging as a material risk for enterprise software buyers.
Learn More about SecurityInfoWatch: Can you trust commercial software? Tackling third-party software risk
Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."
Learn More about CyberWire Daily Podcast: SSM on-prem flaw is a 10/10 disaster
Nearly 60 new malicious packages have been uploaded to the NuGet package manager to deploy the SeroXen RAT in a supply chain attack that has been underway since last August, The Hacker News reports.
Learn More about SC Magazine: Ongoing NuGet supply chain attack involves dozens new malicious packages
Tomislav Pericin, chief software architect for ReversingLabs, explains how a website the company set up, which keeps track of how secure open source software packages are, will improve application security.
Learn More about TechStrong TV: Open-Source Software Tracking with ReversingLabs’ Tomislav Pericin
An SC Media analysis of current challenges, threats and solutions — that of course include AI — paints a hopeful but challenging picture for the state of AppSec.
Learn More about SC Magazine: The State of AppSec in 2024: Expanded use, expanded attack surface
Malware-laced libraries add a new dimension to defending the software supply chain.
Learn More about CSO: Third-party software supply chain threats continue to plague CISOs
ReversingLabs’ Director of Product Management Charlie Jones explains how the attack surface within today’s software supply chains has grown exponentially.
Learn More about A Final Exam for Software Supply Chain Protection
The Common Vulnerabilities and Exposures (CVE) List and the consequent National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.
Learn More about SecurityWeek: VulnerabilitiesCVE and NVD – A Weak and Fractured Source of Vulnerability Truth
Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing.
Learn More about The Hacker News: Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers-1400x732.webp&w=3840&q=75)
A suspicious NuGet package likely targets developers working with technology from Chinese firm Bozhon.
Learn More about SecurityWeek: Suspicious NuGet Package Harvesting Information From Industrial Systems