Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

Curating Open source Libraries on JFrog Platform, part II.

May 3, 2023 By JFrog In JFrog
Software supply chain security has been the most widely discussed topic for anyone who is writing applications utilizing the majority of open-source or third-party libraries. This webinar will showcase JFrog Platform's abilities to curate and compose workflows to help isolate libraries that have vulnerabilities and promote libraries to repositories that can be safely used. This webinar will also demonstrate self-service curation workflows.
View Video
jfrog

New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication

Apr 24, 2023 By Andrey Polkovnychenko In JFrog

The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for cross-language malware attacks.

Read Post
jfrog

Software Supply Chain Security at RSA Conference 2023

Apr 24, 2023 By Huz Dalal In JFrog

The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%.

Read Post

Secrets Detection JFrog Security Workshop

Apr 20, 2023 By JFrog In JFrog
In today's software development world, developers rely on numerous secrets, including API keys, credentials, and passwords to facilitate seamless interaction between application components as they code. Failing to remove these secrets can have disastrous consequences for businesses, making it essential to find and fix them before release.
View Video
jfrog

Analyzing Impala Stealer - Payload of the first NuGet attack campaign

Apr 10, 2023 By Ori Hollander In JFrog

In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted.NET developers via NuGet malicious packages, and the JFrog Security team was able to detect and report it as part of our regular activity of exposing supply chain attacks.

Read Post
jfrog

Save time fixing security vulnerabilities much earlier in your SDLC

Mar 22, 2023 By Paul Garden In JFrog

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like software configurations and security mechanisms.

Read Post

2023 Security Prediction & Trends for DevOps: Smarter Protection with Data & Intelligence

Mar 21, 2023 By JFrog In JFrog
Earlier this year, JFrog’s Security Research Team performed in-depth analysis of the top 10 most prevalent vulnerabilities in 2022 and found the severity rating of most CVEs were surprisingly OVERRATED. In this on-demand webinar session, you will learn: Here we’ll discuss how organizations can make better decisions, get better processes and use better tools for their DevOps security initiatives in 2023.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.