Blog | ReversingLabs (28)

June 29, 2023

The Week in Security: Third-party compromise lands pilot data from American, Southwest airlines

This week: The hack of systems used by a third-party recruiting vendor exposed pilot recruit data from both American Airlines and Southwest Airlines. Also: a Trojanized Super Mario installer is targeting gamer data.

June 27, 2023

Hackers breached UPS data for SMS phish spree

It’s a dog-eat-dog world ... Bug allows bad actor to manipulate URLs and extract data. Note to devs: Avoid consecutive object references and add entropy.

June 26, 2023

5 reasons why cyber attackers love software developers

Hackers are having a field day targeting developers with supply chain attacks, which open doors to other compromises. Here's why — and what to do about it.

June 22, 2023

The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

This week: BlackCat hackers threaten to leak Reddit’s data. Also: Hijacked S3 buckets are being used in attacks on npm packages.

June 21, 2023

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Robert Martin of MITRE and Cassie Crossley of Schneider Electric discuss how MITRE’s System of Trust helps operationalize software supply chain security.

June 21, 2023

Passkeys standard: Time to add it to your dev plans?

Forward-thinking DevOps shops are doing it already. Isn’t it time your team got on board?

June 20, 2023

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

OWASP is expanding its Top 10 series with a list of Large Language Model (LLM) vulnerabilities. Here's what application security teams need to know.

June 20, 2023

How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel

Here's a guide to using a threat intelligence module in Microsoft Sentinel, with a demonstration of its application in a typical SOC investigation scenario.

June 16, 2023

From the Labs: YARA Rule for Detecting HermeticRansom

The ReversingLabs YARA detection rule for HermeticRansom can help you find this ransomware in your environment.

June 15, 2023

CISA SBOM-a-rama tackles challenges: 5 key takeaways

The challenges — and also the promise — of software bills of materials were on display Wednesday as CISA hosted SBOM-a-rama. Here are five key takeaways.

June 15, 2023

The Week in Security: Ukraine APT attacks tied to Russia, critical eye placed on AI-generated software

This week: Microsoft finds APT group attacking Ukraine is in cahoots with the Russian government. Also: A critical look at AI-generated software.

June 14, 2023

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

In this ConversingLabs Cafe interview, Naveen Srinivasan, a maintainer of the OpenSSF Security Scorecard, talks about evaluating software dependency risk.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

The Week in Security: Third-party compromise lands pilot data from American, Southwest airlines

Hackers breached UPS data for SMS phish spree

5 reasons why cyber attackers love software developers

The Week in Security: BlackCat threatens to leak Reddit data, attackers target npm packages (again)

MITRE’s System of Trust: A discussion about standardizing software supply chain risk

Passkeys standard: Time to add it to your dev plans?

OWASP Top 10 for LLM Applications: Can AI risk be tamed?

How to Investigate Security Incidents with Threat Intelligence in Microsoft Sentinel

From the Labs: YARA Rule for Detecting HermeticRansom

CISA SBOM-a-rama tackles challenges: 5 key takeaways

The Week in Security: Ukraine APT attacks tied to Russia, critical eye placed on AI-generated software

How to trust open source software: A conversation with OpenSSF's Naveen Srinivasan

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports