Blog | ReversingLabs | Carolynn van Arsdale (5)

April 24, 2023

What traditional app sec tools miss: The monsters in your software supply chain

Matt Rose will present at RSAC 2023 on the mismatch between traditional app sec tools like SCA and modern supply chain threats. Here are key highlights.

April 20, 2023

The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play

This week: One software supply chain attack caused another, making it a first for the industry. Also: Malware spreads via apps in the Google Play Store.

April 19, 2023

Secrets security: The why, the how – and what to do about it

Secrets are increasingly exposed in code, creating a field-day for malicious actors. Here are key takeaways from our Secrets Exposed special report.

April 19, 2023

What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks

Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.

April 13, 2023

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

The attackers behind the 3CX software supply chain attack have been identified as North Korean. Also: CISA aims to shift the cybersecurity burden to tech.

April 10, 2023

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

Expert breaks down the 3CX software supply chain incident, and explains how app sec tools are evolving to detect and prevent such attacks.

April 6, 2023

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

This week: Research connects the rise of AI tools and an increase in social engineering attacks. Also: A stolen credentials site is seized by the FBI.

March 30, 2023

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

This week: GitHub is issued a subpoena by Twitter over leaked source code. Also: 3CX software supply chain attack leaves millions at risk.

March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.

March 16, 2023

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

A Russian-speaking threat actor has breached several European organizations. Also: AI-created videos on YouTube are spreading infostealer malware.

March 9, 2023

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

North Korean-linked hacking group Lazarus attacked the same South Korean financial entity twice in 2022. Also: The number of hard-coded secrets is way up.

March 2, 2023

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

New details expose that the recent hack on LastPass was worse than previously thought. Also: CISA has called for for software makers who develop insecure software to be held liable.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

What traditional app sec tools miss: The monsters in your software supply chain

The Week in Security: 3CX attack caused by earlier supply chain hack, malware in Google Play

Secrets security: The why, the how – and what to do about it

What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

The Week in Security: Twitter gets subpoena for source code leak, 3CX supply chain attack surfaces

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

The Week in Security: YoroTrooper steals credentials in Europe, AI-created videos spread malware

The Week in Security: Lazarus attacks same South Korean entity twice, use of hard-coded secrets is up

The Week in Security: LastPass shares disturbing breach details, CISA calls for software maker liability

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports