To detect all kinds of software supply chain attacks, software-producing and consuming organizations need to have access to a collection of mature malware intelligence, in addition to complex binary analysis and reproducible builds.
Read More about Network Computing: How low can you go? The barrier to successful supply chain attacks is dropping
President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward.
Read More about The Last Watchdog: Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure
GenAI is very much in the mix as a potent X-factor in cybersecurity.
Read More about The Last Watchdog: MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency
Supply chain security is rapidly emerging as a material risk for enterprise software buyers.
Read More about SecurityInfoWatch: Can you trust commercial software? Tackling third-party software risk
Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."
Read More about CyberWire Daily Podcast: SSM on-prem flaw is a 10/10 disaster
Nearly 60 new malicious packages have been uploaded to the NuGet package manager to deploy the SeroXen RAT in a supply chain attack that has been underway since last August, The Hacker News reports.
Read More about SC Magazine: Ongoing NuGet supply chain attack involves dozens new malicious packages
Tomislav Pericin, chief software architect for ReversingLabs, explains how a website the company set up, which keeps track of how secure open source software packages are, will improve application security.
Read More about TechStrong TV: Open-Source Software Tracking with ReversingLabs’ Tomislav Pericin
An SC Media analysis of current challenges, threats and solutions — that of course include AI — paints a hopeful but challenging picture for the state of AppSec.
Read More about SC Magazine: The State of AppSec in 2024: Expanded use, expanded attack surface
Malware-laced libraries add a new dimension to defending the software supply chain.
Read More about CSO: Third-party software supply chain threats continue to plague CISOs
The majority opinion is that a cybersecurity professional body is long overdue and would benefit cybersecurity and cybersecurity practitioners.
Read More about SecurityWeek: Should cybersecurity leadership finally be professionalized?
ReversingLabs’ Director of Product Management Charlie Jones explains how the attack surface within today’s software supply chains has grown exponentially.
Read More about A Final Exam for Software Supply Chain Protection
The Common Vulnerabilities and Exposures (CVE) List and the consequent National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.
Read More about SecurityWeek: VulnerabilitiesCVE and NVD – A Weak and Fractured Source of Vulnerability Truth
Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing.
Read More about The Hacker News: Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers-1400x732.webp&w=3840&q=75)
A suspicious NuGet package likely targets developers working with technology from Chinese firm Bozhon.
Read More about SecurityWeek: Suspicious NuGet Package Harvesting Information From Industrial Systems
The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were collectively downloaded 7,451 times prior to them being removed from PyPI.
Read More about The Hacker News - Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets