Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2022

jfrog

Mind Your Dependencies: Defending against malicious npm packages

Jan 25, 2022 By Ilya Khivrich In JFrog

Modern software projects are mostly composed of open source code. The question of who really controls this code, and is responsible for detecting and fixing software supply chain security issues, became a significant source of concern after the discovery of the Log4Shell vulnerability.

Read Post

Continuously Securing Software Supply Chain

Jan 19, 2022 By JFrog In JFrog
Catch this session to see a breakdown of the recent news related to software supply chain security and what you can do to meet new requirements and protect your software from such attacks. With new software supply chain attacks reaching the spotlight at an accelerating pace, security research uncovering novel attack methods and new mandates and guidelines starting to come into effect — it can be hard to stay on top of the latest developments and their implications.
View Video
jfrog

The JNDI Strikes Back - Unauthenticated RCE in H2 Database Console

Jan 6, 2022 By Andrey Polkovnychenko, Shachar Menashe In JFrog

Very recently, the JFrog security research team has disclosed an issue in the H2 database console which was issued a critical CVE – CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.