The ReversingLabs Threat Research team regularly digs deep into open source — as well as proprietary and commercial software — to identify new threats and attacks. Join the discussion and hear about the team's recent findings.
RL Threat Researchers Lucija Valentić, Karlo Zanki and Petar Kirhmajer will join host Paul Roberts to discuss their research, including:
✓ The discovery of two extensions on Microsoft’s VS Code Marketplace that are designed to steal sensitive information - part of a pattern of VS Code threats
✓ SqzrFramework480 a suspicious NuGet package that appears to target developers working with technology made by a China-based firm that does industrial- and digital equipment manufacturing
✓ The discovery of a malicious wiper on the Python Package Index that appears to belong to a penetration testing/red team security firm - evidence of growing “noise” on open software repositories as threats and attacks - and attention to supply chain risks - grows.
✓ The case of xz-utils, the widely used open source compression library that was found to have been compromised by a malicious actor that had gained the trust of xz’s author and longtime maintainer.
- Watch Now!