Operation Cronos and the LockBit takedown: What we know

The United Kingdom’s National Crime Agency (NCA), in collaboration with the U.S., Canada and eight other international partners shared a major update this past Tuesday regarding Operation Cronos, the international disruption campaign created to take down the LockBit ransomware group. The government action successfully compromised LockBit’s “entire criminal enterprise” by ...
A definitive guide: Federal software supply chain security initiatives

Software supply chain security is now top-of-mind for software producers and consumers alike, given the dramatic increase in malicious packages (as noted in RL's The State of Software Supply Chain Security 2024 report), and steady growth in software supply chain attacks. And the private sector isn’t alone in taking notice ...
The State of Software Supply Chain Security 2024: Key takeaways

Software supply chain attacks are now mainstream events — a change in tactics by cyber-attackers that you can measure in headlines, which in recent years have delivered news about attacks on popular software tools including MOVEit, 3CX, and CircleCI. ...
Software supply chain security risks addressed in new Gartner® report

Concern about protecting software supply chains has grown significantly over the past few years. Costly software supply chain attacks, including SolarWinds, 3CX, and Log4Shell, garnered headlines internationally and focused the attention of governments and the private sector on software supply chain risk. ...
Lemons and liability: Is security on its way to defining the software market?

Back in 1970, American economist and Nobel Prize winner George Akerlof published an article in The Quarterly Journal of Economics titled “The Market for ‘Lemons’: Quality Uncertainty and the Market Mechanism.” In it, Akerlof explains the policy changes that occur in response to a lemons market, in which the producer ...
Threat research roundup: Lessons learned from recent PyPI and npm supply chain attacks

Security teams are well aware of the growing problem of software supply chain attacks, but it’s essential that organizations stay abreast of the various threats posed to software supply chains. One of the pain points that organizations need to learn more about and defend against is malicious campaigns found on ...
The Week in Security: WinRAR exploit targets traders, malicious npm packages go after game devs

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: Hackers are exploiting a zero-day to target crypto and stock traders. Also: ReversingLabs researchers ...