Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

CVE-2022-25845 - Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability

Jun 14, 2022 By Uriya Yavnieli In JFrog

A few weeks ago, a new version for Fastjson was released (1.2.83) which contains a fix for a security vulnerability that allegedly allows an attacker to execute code on a remote machine. According to several publications, this vulnerability allows an attacker to bypass the “AutoTypeCheck” mechanism in Fastjson and achieve remote code execution. This Fastjson vulnerability only recently received a CVE identifier – CVE-2022-25845, and a high CVSS – 8.1.

Read Post
jfrog

Denial of Service Vulnerability in Envoy Proxy - CVE-2022-29225

Jun 9, 2022 By Ori Hollander In JFrog

The JFrog Security Research team is constantly looking for new and previously unknown software vulnerabilities in popular open-source projects to help improve their security posture. As part of this effort, we recently discovered a denial of service (DoS) vulnerability in Envoy Proxy, a widely used open-source edge and service proxy server, designed for cloud-native applications and high traffic websites.

Read Post

Software Supply Chain Security for Open Source Projects

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video

Software Supply Chain Security for Open Source Projects - it's time to prepare!

Jun 2, 2022 By JFrog In JFrog
Attacks on the open-source value chain (OS supply chain) are becoming more sophisticated, and we, as software developers, are becoming the focus of these attacks. So what are the essential first steps, and what should you focus on? This raises the question of suitable methods and tools. At the same time, the company's strategic orientation must be considered in this security strategy. In the recent past, we have also learned that attacks are increasingly targeting individual infrastructure elements of software development, such as the classic CI/CD pipeline.
View Video

Identifying and Avoiding Malicious Packages

May 31, 2022 By JFrog In JFrog
Securing your software supply chain is absolutely critical as attackers are getting more sophisticated in their ability to infect software at all stages of the development lifecycle. This webinar will be a technical showcase of the different types of malicious packages that are prevalent today in the PyPI (Python) and npm (Node.js) package repositories. All examples shown in the webinar will be based on real data and malicious packages that were identified and disclosed by the JFrog security research team.
View Video
jfrog

Pyrsia: Decentralized Package Network that Secures the Open Source Supply Chain

May 25, 2022 By Sudhindra Rao In JFrog

Supply chain security has received a lot of attention in recent years. And rightly so. Software vulnerability exploitation attacks have been a key tool in the hands of the hackers to hamper businesses, compromise sensitive data, and a cause of general sense of fear around open source software.

Read Post
jfrog

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 By Lori Lorusso and Stephen Chin In JFrog

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same.

Read Post
jfrog

JFrog Connect: Ready for What's Next for DevSecOps, Edge and IoT

May 25, 2022 By Amit Ezer In JFrog

Today at swampUP, our annual DevOps conference, JFrog CTO Yoav Landman unveiled the next step toward making the Liquid Software vision of continuous, secure updates a truly universal reality. We’ve introduced JFrog Connect, a new solution designed to help developers update, manage, monitor, and secure remote Linux & Internet of Things (IoT) devices at scale.

Read Post
jfrog

Secure your Software Supply Chain with Xray and Lightstep Incident Response

May 25, 2022 By Ali Sardar In JFrog

Securing your software supply chain requires proactively identifying compliance issues and security vulnerabilities early in your software development lifecycle. Additionally early detection must be coupled with an organized and agile method of response that brings together developers, operations and SRE teams to accelerate remediation workflows across the organization.

Read Post
Subscribe to JFrog

Copyright © 2024 OpsMatters™. All rights reserved.