Log4j
Software supply chain security is broader than SolarWinds and Log4J
Here's a comprehensive look at some of the lesser-known, but no less serious, types of software supply chain attacks.
Iran-backed hackers breached a US federal agency that failed to patch year-old bug
The U.S. government’s cybersecurity agency says hackers backed by the Iranian government compromised a federal agency that failed to patch against Log4Shell, a vulnerability fixed almost a year
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy companies
Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers to the North Korean state-sponsored Lazarus hacking group. Threat intelligence co
Protestware on the rise: Why developers are sabotaging their own code
Ax Sharma, Contributor. Ax Sharma is a security researcher and reporter. His areas of interest include open source software security, malware analysis, data breaches and scam investigat
Study: 30% of Log4Shell instances remain unpatched
Considering recent APT41 attacks, organizations that continue to leave the Log4Shell flaw unaddressed are hitting the snooze button when it comes to the wake-up calls from attackers.
China-backed APT41 compromised ‘at least’ six US state governments
The prolific China APT41 hacking group, known for carrying out espionage in parallel with financially motivated operations, has compromised multiple U.S. state government networks, according to cybers
4 basic elements required for running production OSS smoothly
Companies need to put many elements in place to use OSS in production smoothly. Here’s how to get started.
Bug bounty giant HackerOne lands $49M, thanks to cloud adoption boon
Bug bounty and penetration testing startup HackerOne has raised a $49 million Series E following a year of massive cloud adoption fueled by work-from-home orders. The company — which mediates betwee
A CISO’s playbook for responding to zero-day exploits
We keep calling every new zero-day exploit a “wake up call,” but all we have been doing is collectively hitting the snooze button.