There’s no doubt that mobile devices have become an integral part of our lives. We use them to stay connected with friends and family, get directions, check the news, and more. They’re always with us, convenient, versatile (texts, messages, calls, Internet, etc), keep us connected and loads another top reasons….in short, making our life easier! This is where mobile device security comes in, which helps protect your device from potential threats.

As organizations go about their regular routine of finding and adding new technologies to help increase their overall success, each organization must keep in mind the security implications of each move, along with the fact that much of their current technology stack has to be maintained with a well-thought out and quickly implemented patching program.

The JFrog Security team recently competed in the Pwn2Own Miami 2022 hacking competition which focuses on Industrial Control Systems (ICS) security. One of our research targets for the competition was the Unified Automation C++-based OPC UA Server SDK. Other than the vulnerabilities we disclosed as part of the pwn2own competition, we managed to find and disclose eight additional vulnerabilities to the vendor. These vulnerabilities were fixed in the SDK in version 1.7.7.

Digital transformation has driven the rapid adoption of cloud-delivered services like SaaS/IaaS/PaaS in enterprises. This, in turn, has resulted in the migration of digital assets (aka data) from the confines of enterprise data centers to the cloud data centers that are not under the control of the enterprises. Additionally, the onset of the COVID-19 pandemic has resulted in remote work becoming the norm.

In 2013, a group of ethical hackers started penetration testing to make the Internet a safer place. After hacking companies such as Google, Facebook among others, they realized they could automate their findings to help companies monitor their attack surface and founded Detectify. Fast forward a few years and Detectify’s Crowdsource network boasts of 400+ elite ethical hackers.

Have you ever wanted to put a Save in 1Password button on your website? You can now add the integration to your website without anyone from 1Password building, approving, or getting involved with the process.

Over the last two years, we’ve observed how digital assets have revolutionized payment and banking services. The explosion of interest in digital currencies brings with it new challenges in governance, privacy, competition, cybersecurity, and social inclusion. While a cashless future is still far away, more than 80% of central banks are either considering the launch of a central bank digital currency (CBDC) or have already done so.

A Google remote procedure call (gRPC) is Google’s open source version of the remote procedure call (RPC) framework. It’s a communication protocol leveraging HTTP/2 and protocol buffer (protobuf) technologies. gRPC enables a remote client or server to communicate with another server by simply calling the receiving server’s function as if it were local. This makes communicating and transferring large data sets between client and server much easier in distributed systems.

The dark web is a part of the internet that provides anonymous and secure communication channels that are not able to be found by search engines. Numerous criminal activities are carried out on the dark web, such as the trafficking of stolen personal information, illegal sales of weapons and the trafficking of drugs.

Limited data retention resulting from financial or technological constraints makes it hard for security teams to see the complete history of an attack. This lack of full context about a threat — or a potential threat — eventually catches up with organizations, leading to longer dwell times and increased risk of a breach.