Collaborate Disseminate
Sophos released a research that details code similarities in the general purpose Dridex botnet and the little-known ransomware, Entropy. The similarities are in the software packer used to conceal the ransomware code, in the malware subroutines designe… Continue reading Attackers used Dridex to deliver Entropy ransomware, code resemblance uncovered
ActiveState announced the results of its survey, providing insights into the security challenges of the software industry’s open source supply chain, which includes the security of open source components, as well as the security and integrity of … Continue reading Software supply chain security still a pain point
The White House has recently issued alerts noting that many manufacturers suffer from disrupted supply chains, and rebuilding supply chains is a major priority. Some analysts are suggesting that many months, and perhaps years are likely to transpire be… Continue reading Supply chain shortages create a cybersecurity nightmare
One of the biggest changes to the cybersecurity landscape is that developers are now often expected to implement security directly into the applications they’re building as part of the automated development lifecycle, rather than relying on security or… Continue reading Low code applications are essential for cybersecurity development in applications
Code review remains the biggest influence on improving code quality with unit testing a distant second, a SmartBear survey reveals. With development teams getting larger and remaining remote, a tool-based code review process offers the best advantage, … Continue reading Code review: How satisfied are development teams?
Open source has transformed the software world, tremendously reducing the cost of introducing new technology by enabling broad reuse across products and industries. However, organizations pulling their code from open source will often find themselves i… Continue reading Open-source code: How to stay secure while moving fast
Open source has transformed the software world, tremendously reducing the cost of introducing new technology by enabling broad reuse across products and industries. However, organizations pulling their code from open source will often find themselves i… Continue reading Open-source code: How to stay secure while moving fast
Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers focused most heavily on open source vulnerabilities and poisoning, code inte… Continue reading Software supply chain attacks jumped over 300% in 2021
ESET researchers took an in-depth look into the abuse of vulnerable kernel drivers. Vulnerabilities in signed drivers are mostly utilized by game cheat developers to circumvent anti-cheat mechanisms, but they have also been observed being used by sever… Continue reading Delivering vulnerable signed kernel drivers remains popular among attackers
I published the following diary on isc.sans.edu: “Code Reuse In the Malware Landscape“: Code re-use is classic behavior for many developers and this looks legit: Why reinvent the wheel if you can find some pieces of code that do what you are trying to achieve? If you publish a nice
The post [SANS ISC] Code Reuse In the Malware Landscape appeared first on /dev/random.
Continue reading [SANS ISC] Code Reuse In the Malware Landscape