-
EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East
Hot on the heels of the re-emergence of a more advanced NonEuclid RAT variant in the cyber threat arena, a novel malware iteration known as the Eagerbee backdoor poses an increasing threat to organizations in the Middle East, primarily targeting Internet Service Providers (ISPs) and state agencies. The enhanced EAGERBEE backdoor variant can deploy payloads,…
-
Message Queues vs. Streaming Systems: Key Differences and Use Cases
In the world of data processing and messaging systems, terms like “queue” and “streaming” often come up. While they may sound similar, they serve distinct purposes and can significantly impact how systems handle data. Let’s break down their differences in a straightforward way. What Are Message Queues? Imagine a coffee shop where customers place orders…
-
What is Event Streaming in Apache Kafka?
Event streaming is a powerful data processing paradigm where events—small, immutable pieces of data—are continuously produced, captured, and processed in real time. Apache Kafka, an open-source distributed event streaming platform, has become the go-to solution for implementing event streaming in modern systems. Understanding Events and Streams An event is a record of an occurrence, such as a…
-
NonEuclid RAT Detection: Malware Enables Adversaries to Gain Unauthorized Remote Access and Control Over a Targeted System
The modern-day cyber threat landscape is marked by the rise in malware variants that give attackers the green light to gain complete remote control over targeted systems, such as a nefarious Remcos RAT spread via a phishing attack vector. At the turn of January 2025, defenders unveiled an emerging stealthy malware dubbed NonEuclid RAT, which…
-
Preparing for Post-Quantum Cryptography: Key Takeaways from SAFECode’s Working Group
As we mentioned in a previous blog, SAFECode’s post-quantum cryptography (PQC) working group has reached a milestone. NIST has standardized its first wave of post-quantum encryption algorithms, and our working group has identified key activities that will enable our members to manage the transition to quantum-resistant cryptography and adapt to the emergence of new algorithms…
-
Celebrating Dedication and Innovation: Highlights from SAFECode Day 2024
Over 50 SAFECode members and industry leaders came together for a dynamic SAFECode Day 2024! The event featured exciting project updates, lively discussions, and an inspiring keynote from Anne Neuberger, Deputy Assistant to the President, who emphasized the crucial role of cybersecurity in today’s digital landscape. It was great to hear our members share their…
-
The PQC Algorithm FIPS are Published – Now What?
By Brian Rosenberg, RTX Corporation and Judith Furlong, Dell Technologies with Matthew Lyon, Dell Technologies; Steve Lipner, SAFECode Introduction We made it – this far! The U.S National Institute of Standards and Technology (NIST) recently published the Federal Information Processing Standards (FIPS) for three post-quantum cryptography (PQC) algorithms, marking the end of the beginning of…
-
New SAFECode Member Council to Ensure Greater Industry Collaboration on Software Security
Oracle’s John Heimann and Siemens Energy’s Manuel Ifland Elected to Lead the Member Council WAKEFIELD, Mass. – March 6, 2024 – SAFECode has announced a new Member Council to direct its industry-led efforts to advance software security practices. Chaired by John Heimann, Vice President of Security Program Management at Oracle, and Vice Chaired by Manuel…
-
Threat Modeling at Scale
According to the Threat Modeling Manifesto, Threat Modeling is an activity “for analyzing representations of a system to highlight concerns about security and privacy and if applicable, safety characteristics”. Threat modeling is a crucial activity of the secure development lifecycle (SDL) for identifying and mitigating weaknesses and potential security vulnerabilities. Threat modeling is most effective…
-
Secure by Design? The U.S. Government and Requirements for Secure Development
The last two months have seen the release of three new U.S. Government documents related to software security: The National Cybersecurity Strategy released in early March covers the landscape of cybersecurity concerns and introduces the concept of shifting the liability for insecure software products and services from consumers to suppliers. In mid-April, The Cybersecurity and…