December 2023

SSH protocol flaw - Terrapin Attack CVE-2023-48795: All you need to know

Dec 25, 2023 By Yair Mizrahi In JFrog

The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact.

Read Post

JFrog

Read more about SSH protocol flaw - Terrapin Attack CVE-2023-48795: All you need to know

Empowering Kubernetes Security: JFrog's Seamless Integration with AWS AssumeRole

Dec 15, 2023 By Yonatan Arbel In JFrog

In the fast-paced environment of cloud-native apps, security and seamless connections are a priority. Many DevOps and SecOps professionals use Kubernetes native features to handle their container security, keeping a tight grip on access and secrets to improve security posture. The integration between AWS AssumeRole and JFrog Access in Amazon Elastic Kubernetes Services (EKS), enhances enterprise security by automating secrets management.

Read Post

JFrog

Read more about Empowering Kubernetes Security: JFrog's Seamless Integration with AWS AssumeRole

N-Day Hijack: Analyzing the lifespan of package hijacking attacks

Dec 14, 2023 By Yair Mizrahi In JFrog

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case study conducted by our security research team, in an effort to trace the typical time before a package hijack is detected.

Read Post

JFrog

Read more about N-Day Hijack: Analyzing the lifespan of package hijacking attacks

Navigating AI's New Horizons: Empowering AI Model Development, Security and Compliance

Dec 14, 2023 By Huz Dalal In JFrog

The rapid rise of artificial intelligence, more specifically, generative AI systems such as OpenAI’s ChatGPT, has simultaneously spurred intense development and concern over the past year. On the 30th of October, President Joe Biden signed an Executive Order that urges new federal standards for AI development, safety, security, and trustworthiness that also address many other facets of AI risk.

Read Post

JFrog

Read more about Navigating AI's New Horizons: Empowering AI Model Development, Security and Compliance

Best Practices from DevSecOps Experts

Dec 11, 2023 By JFrog In JFrog

We share JFrog's view on our own SSC security and share some best practices we use within our own organization.

View Video

JFrog

Read more about Best Practices from DevSecOps Experts

Developer Wish List for CSO / CISO

Dec 11, 2023 By JFrog In JFrog

Moran answers the question, "If you were a Developer today, what do you think you'd want to hear from your CISO and CSO?".

View Video

JFrog

Read more about Developer Wish List for CSO / CISO

Common assumption they make

Dec 11, 2023 By JFrog In JFrog

Common assumptions Developers tend to make around security today, that could be untrue. We unpack some of these assumptions and different way to view it that helps them adopt a security mindset and make their lives easier.

View Video

JFrog

Read more about Common assumption they make

The Developer Relationship to Security

Dec 7, 2023 By JFrog In JFrog

Moran dives into what her view is on Developers and the relationship they have with security today. As security gets more complex, the Developer's job today isn't easy and they are asked to do a lot more than they are used to.

View Video