5/11/23: SLSA, Russian Snake Malware, Kekw & more!
Credit: David B. at Optum

Here are this week's highlights:

New report shows an increased focus on software supply chain security

According to the global report released by ReversingLabs, 88% said software supply chain security is an enterprise-wide risk, but only 60% said their software supply chain defenses were up to the task.

SLSA 1.0 delivers build provenance

“In 1.0, the SLSA working group narrowed the scope of the requirements and put forth in the release the requirements that most of the broader industry worked together on and gained consensus on.”

National Security Agency & allies uncover Russian Snake malware network

Found in 50+ countries, cyber-criminals reportedly used Snake to retrieve and remove confidential documents related to international relations and diplomatic communications.

Amazon Web Services (AWS) open sources SnapChange and Cedar

In part to address concerns around software supply chain security, AWS is open-sourcing a new fuzzing tool called SnapChange and a recently launched authorization policy language and SDK called Cedar.

"Kekw" malware in Python packages

Kekw malware can steal sensitive information from infected systems and perform clipper activities that can hijack cryptocurrency transactions.

Subscribe for weekly security highlights!
