Blog | ReversingLabs | AppSec & Supply Chain Security (17)

April 19, 2023

Secrets Exposed: The why, the how – and what to do about – secrets security

Secrets are increasingly exposed in code, creating a field-day for malicious actors. Here are key takeaways from our Secrets Exposed special report.

April 19, 2023

What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks

Software supply chain security is taking center-stage at RSAC 2023. Here are the talks you don't want to miss.

April 13, 2023

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

The attackers behind the 3CX software supply chain attack have been identified as North Korean. Also: CISA aims to shift the cybersecurity burden to tech.

April 11, 2023

Why 'shift left' is now a dirty term in some security circles

Here's why some security practitioners question the term "shift left" — and what they think application security teams should focus on instead.

April 10, 2023

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

Expert breaks down the 3CX software supply chain incident, and explains how app sec tools are evolving to detect and prevent such attacks.

April 5, 2023

CISA Cybersecurity Performance Goals update: Key changes and additions

CISA has better aligned the CPGs with NIST's Cybersecurity Framework, and added software supply chain goals. Here's what to know — and key insights.

April 4, 2023

The 3CX breach was targeted — but the plan was broader

The compromise was limited to their app. But there's a bigger lesson: Supply chain security complacency comes with a cost.

April 4, 2023

Docker's BuildKit adds attestation: How it works and key limitations

Here's what you need to know about BuildKit, how to leverage its SBOM capabilities — and its limitations for comprehensive supply chain security.

March 30, 2023

Red flags flew over software supply chain-compromised 3CX update

The VOIP software vendor missed signs that its client software had been tampered with before it pushed the update to customers.

March 28, 2023

How bulk pull requests help scale open source bug fixes

Common flaws are duplicated all across the software supply chain. Here's how security researchers want to automate fixes.

March 27, 2023

VS Code hack shows how supply chain attacks can extend to other software development tools

The new Visual Studio Code IDE hack highlights the risk of spreading beyond the Extensions Marketplace. Here's how the threat can proliferate to npm.

March 23, 2023

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

This week: NuGet is hit with a malicious typosquatting campaign. Also: A malicious ChatGPT Chrome extension is hijacking Facebook accounts.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

AppSec & Supply Chain Security (17)

Secrets Exposed: The why, the how – and what to do about – secrets security

What’s hot at RSA Conference 2023: 8 must-see software supply chain security talks

The Week in Security: 3CX attackers identified as North Korean, CISA pushes Secure by Design

Why 'shift left' is now a dirty term in some security circles

What went wrong with the 3CX software supply chain attack — and how it could have been prevented

CISA Cybersecurity Performance Goals update: Key changes and additions

The 3CX breach was targeted — but the plan was broader

Docker's BuildKit adds attestation: How it works and key limitations

Red flags flew over software supply chain-compromised 3CX update

How bulk pull requests help scale open source bug fixes

VS Code hack shows how supply chain attacks can extend to other software development tools

The Week in Security: NuGet hit by typosquatting, fake ChatGPT plug-in hijacks Facebook accounts

Topics

Special Reports

The State of Software Supply Chain Security

Upcoming Webinars

ConversingLabs

AppSec & Supply Chain Security (17)

Topics

Follow us

Subscribe

Special Reports