Typosquatting campaign delivers r77 rootkit via npm
ReversingLabs discovered that one “s” was all that separated a legit npm package from a malicious twin that delivered the r77 rootkit — and was downloaded more than 700 times.
Typosquatting campaign delivers r77 rootkit via npm
ReversingLabs A1000 Threat Analysis and Hunting Solution Update Drives SecOps Forward
Version 8.3 of RL's A1000 Malware Analysis Platform delivers better visuals, search, and an improved cloud sandbox. Here are all of the updates.
NIST supply chain security guidance for CI/CD environments: What you need to know
NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.
NIST supply chain security guidance for CI/CD environments: What you need to know
NIST's new guidelines are welcome, but some organizations may find it challenging to put them into practice.
BlackCat (ALPHV): What we know about the MGM hack
Ransomware-as-a-service gang ALPHV (a.k.a. BlackCat) carried out a sophisticated attack on the hotel and casino company MGM. Here’s what the ReversingLabs threat team understands.
With growing threats to Apple devices, Kandji ramps up
Kandji Director of Threat Intelligence Devin Byrd talks about the growing enterprise threats to macOS and iOS endpoints.
EPSS vs. CVSS: Exploit prediction could move the needle on software risk
Will the Exploit Prediction Scoring System improve application security now — and software supply chain security in the future? Here's what you need to know.
The art of security chaos engineering
What if dev and app sec teams showed the same ingenuity, nimbleness and ruthless efficiency as cybercriminals? Fastly's Kelly Shortridge explains why that's essential to resilience.
IoT and the supply chain: The road to securing devices
In this episode of ConversingLabs, recorded on the sidelines of Black Hat in Las Vegas, NetRise CEO Thomas Pace talks about supply chain threats to the Internet of Things (IoT).
SANS DevSecOps report: 5 key takeaways
"Shift left" is giving way to up-front software risk assessments, and companies are increasingly tapping external support for third-party compliance. Learn more from application security peers.
20 application security pros you should follow
These leading app sec experts provide a steady flow of security knowledge to keep you up to speed.
Lemons and liability: How security warranties could tame the software market
In this ConversingLabs, Daniel Woods shares insights from his research on software warranties and discusses how shifting liability to producers could define the market.
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks
RL threat researchers have discovered multiple malicious campaigns on open source repositories. Join the webinar to discuss key takeaways for app sec teams.
VMConnect supply chain attack continues, evidence points to North Korea
ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, as well as evidence linking the campaign to North Korea's Lazarus Group.
10 Hacker Summer Camp speakers to follow year-round
Knowledge sharing with cybersecurity experts doesn't have to stop after Hacker Summer Camp wraps up. Follow these top speakers throughout the year.