Hacker News: Lazarus Group uses fake coding tests to spread malware
Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments.
Hacker News: Lazarus Group uses fake coding tests to spread malware
Bleeping Computer: Fake password manager coding test used to hack Python developers
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware.
Dark Reading: Evolving npm package campaign targets Roblox devs, for years
Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.
Cyber Ranch: What Is In Your Commercial Software? with Sasa Zdjelar
Your organization runs on commercial software far more than it does open source.
Network Computing: How low can you go? The barrier to successful supply chain attacks is dropping
To detect all kinds of software supply chain attacks, software-producing and consuming organizations need to have access to a collection of mature malware intelligence, in addition to complex binary analysis and reproducible builds.
The Last Watchdog: Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure
President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward.
The Last Watchdog: MY TAKE: Black Hat USA 2024’s big takeaway – GenAI factors into the quest for digital resiliency
GenAI is very much in the mix as a potent X-factor in cybersecurity.
SecurityInfoWatch: Can you trust commercial software? Tackling third-party software risk
Supply chain security is rapidly emerging as a material risk for enterprise software buyers.
CyberWire Daily Podcast: SSM on-prem flaw is a 10/10 disaster
Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."
SC Magazine: Ongoing NuGet supply chain attack involves dozens new malicious packages
Nearly 60 new malicious packages have been uploaded to the NuGet package manager to deploy the SeroXen RAT in a supply chain attack that has been underway since last August, The Hacker News reports.
TechStrong TV: Open-Source Software Tracking with ReversingLabs’ Tomislav Pericin
Tomislav Pericin, chief software architect for ReversingLabs, explains how a website the company set up, which keeps track of how secure open source software packages are, will improve application security.
SC Magazine: The State of AppSec in 2024: Expanded use, expanded attack surface
An SC Media analysis of current challenges, threats and solutions — that of course include AI — paints a hopeful but challenging picture for the state of AppSec.
CSO: Third-party software supply chain threats continue to plague CISOs
Malware-laced libraries add a new dimension to defending the software supply chain.
A Final Exam for Software Supply Chain Protection
ReversingLabs’ Director of Product Management Charlie Jones explains how the attack surface within today’s software supply chains has grown exponentially.
SecurityWeek: VulnerabilitiesCVE and NVD – A Weak and Fractured Source of Vulnerability Truth
The Common Vulnerabilities and Exposures (CVE) List and the consequent National Vulnerability Database (NVD) can no longer be considered a single central source of vulnerability truth.