A Conversation with Chris Inglis and Anne Neuberger

National Cyber Director: Higher bar for software supply chain security is key to cyber resilience

Chris Inglis said the government is setting a new bar for supply chain security as the national cybersecurity focus shifts from incident response to cyber resilience ...

Gaps in the NVD increase U.S. cyber threat

LabsCon, Threat Research
Discrepancies in reports to the National Vulnerability Database (NVD) show the U.S. lags behind China, exposing U.S. firms to cyber attacks ...

ConversingLabs - Bryson Bort of Scythe.io talks Colonial Pipeline: Lessons Learned

The pandemic turned out to be a boon for public-private cybersecurity cooperation

LabsCon, security operations
The shift to remote work punched holes in government networks. But it also fostered a transformation in public-private cooperation, one NSA official noted at LABScon ...

ConversingLabs: Unpacking the Follina exploit

Threat Research
In our latest episode of the ConversingLabs podcast, host Paul Roberts interviews ReversingLabs researcher Joseph Edwards about his analysis of Follina, a newly discovered exploit with a pretty name but nasty intentions ...

U.S. Gov’s new software supply chain security guidelines: A roadmap is born

The new guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. Here are four key takeaways ...

To secure your CI/CD pipelines, round up the usual suspects

A presentation at the Black Hat Briefings in Las Vegas dug into the "how" of CI/CD compromises. As it turns out, many of the culprits will be familiar to security teams ...

Researchers demo AI bias, explain why ‘Copilot should remain a co-pilot’ for dev teams

Black Hat 2022
GitHub updated its guidance on using Copilot, its AI-powered code assistant, after researchers demonstrated at Black Hat that it often generates vulnerable code ...

Software supply chain security takes center stage at Black Hat 2022

Black Hat is best known for hardware and traditional software exploits, but this year it showcases more software supply chain security issues, marking the shift in the threat landscape ...

The Week in Cybersecurity: SolarWinds attackers tap Google Drive, malware spreads via Play Store apps

Welcome to the latest edition of The Week in Cybersecurity, which brings you the latest headlines from both the world and our team about the most pressing topics in cybersecurity. This week: the Cozy Bear APT group is using Dropbox and Google Drive to cover up attacks, malware is spreading via ...