Researchers at ReversingLabs said they discovered two npm open source packages that contained malicious code linked to open source malware known as TurkoRat.
supply chain
Report: Digital Supply Chain Breaches Impact 98% of Organizations
Results from a survey of 2,000 enterprises found an increasing supply chain risk, with 98% of respondents reported having been “negatively impacted” by a breach in their supply chain
Supply Chain Hackers LofyGang Behind Hundreds of Malicious Packages
Researchers at Checkmarx say that a cybercriminal group, LofyGang, has targeted the open-source supply chain with hundreds of malicious packages to steal credit card information, stream accounts, and promote hacking tools.
Episode 232: Log4j Won’t Go Away (And What To Do About It.)
In this episode of the podcast (#232), Tomislav Peričin of the firm ReversingLabs joins us to talk about Log4Shell, the vulnerability in the ubiquitous Log4j Apache library. Tomislav tells us why issues related to Log4j won’t be going away anytime soon and how organizations must adapt to deal with the risk it poses.
Spotlight: How Secrets Sprawl Undermines Software Supply Chain Security
Mackenzie Jackson, the Developer Advocate at GitGuardian joins Paul to discuss how “secrets sprawl” on sites like GitHub threatens software supply chains.
