Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

Top JFrog Security Research Discoveries of 2024

Jan 30, 2025 By The JFrog Security Research Team In JFrog
In our previous round-up of security research for 2023, we mentioned our surprise at the large volume of 29,000 vulnerabilities that were reported two years ago. But that didn’t prepare us for the astounding 40% increase, reported by Cyber Press, resulting in over 40,000 CVEs that were published over the past year in 2024.
Read Post
jfrog

Now Available: Evidence Collection with JFrog

Jan 21, 2025 By Sean Pratt In JFrog
There is an increasing need for traceability and attestation of the actions taken as software moves across the SDLC. Emerging regulations and policies around secure software development are rapidly evolving, and it’s important to stay ahead of the changing landscape. Some organizations have taken a proactive approach with home-grown solutions or manual processes, but despite best efforts, these solutions often lack scale and eventually falter over time.
Read Post
jfrog

JFrog Cloud Native Innovation - Availability, Security Performance and Efficiency at Scale

Jan 9, 2025 By Batel Zohar In JFrog
JFrog uses open source tools such as Kubernetes, Kubernetes Event-driven Autoscaling (KEDA), and Prometheus to develop its cloud development infrastructure and ensure tight integration with the three leading cloud providers AWS, GCP, and Azure. Let’s explore how JFrog cloud deployments leverage our cloud-native architecture to provide enhanced security and management capabilities for DevOps while ensuring high availability and a transparent user experience for developers.
Read Post

Securing the Future: DevSecOps in Action

Jan 9, 2025 By JFrog In JFrog
How can you ensure your software supply chain is resilient and ready for the challenges of tomorrow? In this exclusive session, we delved into the practical lessons of 2024 and showcased how JFrog is leading the charge in securing DevOps pipelines. In this engaging conversation between industry experts, we uncovered real-world insights, explored actionable strategies, and demonstrated innovations that safeguard your software delivery lifecycle.
View Video
jfrog

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

Dec 18, 2024 By Ben Gross In JFrog
On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.
Read Post
jfrog

Machine Learning Bug Bonanza - Exploiting ML Clients and "Safe" Model Formats

Dec 4, 2024 By Shachar Menashe In JFrog
In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services.
Read Post
jfrog

Everything you need to know about EvilProxy Attacks

Nov 26, 2024 By Orel Bitan In JFrog
An “Evil Proxy” is a malicious proxy server used by attackers to intercept and change the communication between a client and a legitimate server. It is also known as Phishing-as-a-Service (PhaaS), where the attackers attempt to deceive individuals into providing sensitive information such as usernames, passwords, and credit card numbers.
Read Post
jfrog

CVE-2024-10524 Wget Zero Day Vulnerability

Nov 18, 2024 By Goni Golan In JFrog
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it to the Wget maintainers. A patch was released on November 11 and is included in Wget 1.25.0.
Read Post

Mastering Classified Systems Artifact Distribution to the Tactical Edge

Nov 7, 2024 By JFrog In JFrog
This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.