RL;DR: New YARA rules, top developer security challenges

Welcome to the latest edition of RL;DR, a weekly newsletter that highlights the latest content from RL Blog, including threat research, thought leadership, best practices, product and solution updates – and more.

This week: RL threat analysts have released two new open-source YARA rules, new security insights from a survey of software development leaders, and how data science in cybersecurity can cut through the fog of war.?

Security Alert

RL adds two new YARA rules: MiyaRAT, Elpaco

ReversingLabs threat researchers have been developing and writing YARA rules fit for threat hunters, researchers, incident responders and security analysts for years. These open-source YARA rules are published to RL’s GitHub page for the community to use.

The two new YARA rules include:

• MiyaRAT: A backdoor malware attributed to the advanced persistent threat (APT) group TA397, which has conducted multiple attacks on defense organizations in the APAC and EMEA regions.?
• Elpaco: A variant of a ransomware known as Mimic, Elpaco abuses the free file discovery library named “Everything,” and targets numerous countries worldwide.?

Both of these new YARA rules are available on RL’s GitHub here. To learn more about YARA rules — and how to write them, read this blog post.?

Keep Learning with RL Blog

Key development security challenges: The AI's have it

From the AppSec testing gap to data privacy, AI is increasing security worries. Here are key takeaways from a new survey of software development leaders, featuring expert insights from Jason Beres , Akhil Mittal , Darren Guccione , Eric Schwake, CISSP , Iftach Ian Amit , Andrew Bolster , Melody Kaufmann , Feng Li , Professor Tim Bates, PhD , and Dhaval Shah . (Read More)

7 container security best practices

With the rise of attacks on the supply chain and threats from AI, securing containers requires a modern strategy. Here are key considerations, featuring expert insights from Dave Ferguson , Jasmine Noel , Anthony Tam , and Charlie Jones . (Read More)

How data science in cybersecurity can cut through the fog of war

Orchestrating the heavy lifting of data management and analytics is easier said than done. Here are four key pillars for improving security outcomes, featuring expert insights from Derek Fisher , Balázs Greksza , Shane Shook , and Or Saya . (Read More)

Get more insights and practical knowledge at RL Blog.?

Stay Informed: Top Events

Webinar | 6 Critical Risks in Your Software Supply Chain

Thursday, March 13 at 1pm ET

Gartner estimates the costs from software supply chain attacks will rise from $46 billion in 2023 to $138 billion by 2031. And while 66% of organizations are implementing or about to implement a software supply chain security initiative, they are not addressing key risks. In this webinar, we’ll explore those risks and how to identify them. (Save Your Seat)

Webinar | Securing JFrog Artifactory: Find Risky Software

Thursday, March 20 at 12pm ET

How can software producers trust software components, builds, and releases from multiple development pipelines? Join this webinar to see how the RL Spectra Assure integration with JFrog Artifactory ensures you are building with safe components and the builds being created are safe to ship. (Save Your Seat)

Stay in touch with RL on LinkedIn, X, Bluesky, YouTube and GitHub.?