Blog | ReversingLabs | AppSec & Supply Chain Security (14)

June 7, 2023

What's the difference between app sec and supply chain security? It's all in the hack

Field CISO Matt Rose explains in this week's ReversingGlass episode the difference between application security hacks and software supply chain hacks.

June 6, 2023

PyPI hackers code sneaky new tactic. Researchers caught 'em red handed

Compiled-code behavior analysis beats old-skool app sec tools.

June 1, 2023

When byte code bites: Who checks the contents of compiled Python files?

ReversingLabs researchers identified a PyPI attack using compiled Python code to evade detection — possibly the first PYC file direct-execution attack.

June 1, 2023

The state of app sec with Chris Romeo: The year of the application is near

ConversingLabs caught up with Chris Romeo of Kerr Ventures at RSA Conference 2023 to talk about the state of application security. Watch (or listen) — and learn.

May 30, 2023

Can AI-based software supply chain risk be tamed by NeMo Guardrails?

Here's a look at this first example of tools to manage the risk from generative AI — and analysis of the scope of that risk to the software supply chain.

May 24, 2023

Software supply chain security reality check: Practitioners reveal growing concern

In a recent survey, 300 practitioners were asked about the state of supply chain security. Here are takeaways from a webinar discussion about the survey.

May 23, 2023

PyPI paused as automated attack overwhelms admins

Python Package Index was flooded with malicious typo-squatting packages. Weekend warriors quit defense and hit the pause button.

May 23, 2023

Red teaming a country: Lessons learned from hacking India's government

John Jackson and his Sakura Samurai crew took India up on an invitation to test the security of government websites and apps. Here are the lessons learned.

May 22, 2023

Software supply chain security: Too costly to fail — and about to get costlier

Software supply chains attack costs could exceed $80.6B by 2026, a 76% increase over 2023 losses of $45.8B, research firm finds. Here's a full rundown.

May 18, 2023

RATs found hiding in the npm attic

ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.