Blog | ReversingLabs | Paul Roberts (4)

January 26, 2023

The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

This week: GoTo says its 2022 breach was worse than reported, also affecting LastPass. Also: A hacktivist finds FBI No Fly list on an unsecured server.

January 11, 2023

After hack, CircleCI tells devs to update secrets now

In this latest attack on software development environments, the CircleCI platform may have exposed secrets used by millions of software developers.

January 11, 2023

Danger: Researchers exploit gaps in connected vehicle software supply chain

Researchers compromised source code and development infrastructure for Mercedes-Benz and SiriusXM Connected Vehicle Services, raising security concerns.

December 7, 2022

New supply chain mandates: Uncle Sam wants you (to secure your software)!

Here are the key elements of Executive Order 14028, and software supply chain security guidance from the Enduring Security Framework working group.

October 31, 2022

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

National Cyber Director Chris Inglis said the government is setting a new bar for supply chain security as the focus shifts from response to resilience.

October 20, 2022

SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect

The medical device sector is under pressure to improve software supply chain security, and software bills of materials (SBOMs) are front and center. ReversingLabs talks with Dr. Kevin Fu of the Archimedes Center at University of Michigan about what to expect.

September 26, 2022

Gaps in the NVD increase U.S. cyber threat

Discrepancies in national vulnerability database reports show the U.S. lags behind China, possibly exposing U.S. firms to cyber attacks, Sophos finds.

September 23, 2022

The pandemic turned out to be a boon for public-private cybersecurity cooperation

The shift to remote work punched holes in government networks. But it also fostered a transformation in public-private cooperation, one NSA official noted at LabsCon.

September 8, 2022

ConversingLabs: Unpacking the Follina exploit

In this ConversingLabs podcast, Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit.

September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.

August 22, 2022

To secure your CI/CD pipelines, round up the usual suspects

Exploring the “how” of CI/CD compromises, researchers show many of the culprits will be familiar to security teams.

August 12, 2022

Researchers demo flaws in GitHub Copilot AI generated code and warn of AI bias

GitHub updated guidance on using its Copilot AI-powered code bot after researchers showed at Black Hat that it often generates vulnerable code.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

The Week in Security: After breach, 'unusual activity' detected in GoTo and LastPass dev environments

After hack, CircleCI tells devs to update secrets now

Danger: Researchers exploit gaps in connected vehicle software supply chain

New supply chain mandates: Uncle Sam wants you (to secure your software)!

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

SBOMs are coming for medical devices. Prof. Kevin Fu explains what to expect

Gaps in the NVD increase U.S. cyber threat

The pandemic turned out to be a boon for public-private cybersecurity cooperation

ConversingLabs: Unpacking the Follina exploit

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

To secure your CI/CD pipelines, round up the usual suspects

Researchers demo flaws in GitHub Copilot AI generated code and warn of AI bias

Topics

Special Reports

The State of Software Supply Chain Security

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports