Blog | ReversingLabs (36)

September 23, 2022

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

ReversingLabs has discovered a malicious npm package disguised as the software tool Material Tailwind. Here's an in-depth look at our discovery — and threat analysis. (Updated with MachO executable information.)

September 22, 2022

The Week in Security: Is Lapsus$ back in action?

This week: The famous hacking group Lapsus$ appears to be back in action. Also: Russian cyber spies are targeting Ukraine by posing as internet providers.

September 22, 2022

Rust finds its mojo: Move forward to memory-safe code

It’s confirmed: The Linux kernel will have Rust support soon. Linus Torvalds and Mark Russinovich say the time is now if you want to memory-safe code.

September 19, 2022

WH memo calls for supply chain security, closer to mandating SBOMs

The new memorandum calls on firms selling software to the federal government to attest to its conformity with NIST security standards. Here's what you need to know.

September 16, 2022

Iran-backed APT actors utilize CVEs to carry out cyber attacks on critical infrastructure

An advisory co-authored by the U.S., U.K., Canada and Australia warns of an Iran-backed APT group utilizing known vulnerabilities to carry out attacks.

September 15, 2022

The Week in Cybersecurity: U.S. mandates federal agencies use secure third-party software tools

This week: A new OMB memo mandates federal use of secure third-party software tools. Plus: Twitter whistleblower Zatko details lacking security practices.

September 15, 2022

Why Twitter security sucks: Half of staff has PII access

Twitter’s former head of security, Peiter “Mudge” Zatko (pictured), has some damning things to say about the service’s DevOps security — or lack of it.

September 14, 2022

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

Here's what you need to know about the new OpenSSF npm security best practices.

September 8, 2022

The Week in Cybersecurity: Vice Society ransomware group targets back-to-school

This week: Vice Society ransomware group targets America’s education sector, the U.S. government’s new position on software supply chain security, and more.

September 8, 2022

ConversingLabs: Unpacking the Follina exploit

In this ConversingLabs podcast, Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit.

September 7, 2022

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways.

September 6, 2022

The SBOM is evolving: 4 key trends boosting software supply chain security

Software bills of materials will never be a panacea for software supply chain security. Here are key trends that will deliver some welcome evolution, however.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Threat analysis: Malicious npm package mimics Material Tailwind CSS tool

The Week in Security: Is Lapsus$ back in action?

Rust finds its mojo: Move forward to memory-safe code

WH memo calls for supply chain security, closer to mandating SBOMs

Iran-backed APT actors utilize CVEs to carry out cyber attacks on critical infrastructure

The Week in Cybersecurity: U.S. mandates federal agencies use secure third-party software tools

Why Twitter security sucks: Half of staff has PII access

OpenSSF's npm best practices: A solid first step for supply chain security — but trust issues remain

The Week in Cybersecurity: Vice Society ransomware group targets back-to-school

ConversingLabs: Unpacking the Follina exploit

Enduring Security Framework's software supply chain guidelines: A roadmap for the post-SolarWinds world

The SBOM is evolving: 4 key trends boosting software supply chain security

Topics

Special Reports

The State of Software Supply Chain Security 2024

Upcoming Webinars

ConversingLabs

Topics

Follow us

Subscribe

Special Reports