Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

jfrog

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

Dec 18, 2024 By Ben Gross In JFrog
On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will show why we believe that it is almost impossible to exploit this vulnerability to achieve remote code execution in any real-world setup.
Read Post
jfrog

Machine Learning Bug Bonanza - Exploiting ML Clients and "Safe" Model Formats

Dec 4, 2024 By Shachar Menashe In JFrog
In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services.
Read Post
jfrog

Everything you need to know about EvilProxy Attacks

Nov 26, 2024 By Orel Bitan In JFrog
An “Evil Proxy” is a malicious proxy server used by attackers to intercept and change the communication between a client and a legitimate server. It is also known as Phishing-as-a-Service (PhaaS), where the attackers attempt to deceive individuals into providing sensitive information such as usernames, passwords, and credit card numbers.
Read Post
jfrog

CVE-2024-10524 Wget Zero Day Vulnerability

Nov 18, 2024 By Goni Golan In JFrog
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it to the Wget maintainers. A patch was released on November 11 and is included in Wget 1.25.0.
Read Post

Mastering Classified Systems Artifact Distribution to the Tactical Edge

Nov 7, 2024 By JFrog In JFrog
This JFrog webinar, hosted by our Public Sector partner Carahsoft, focused on automating the secure distribution of critical digital artifacts in air-gapped networks. For agencies, ensuring the integrity of these artifacts at the edge is paramount. Real-time access to mission-critical software for warfighters is essential, and timely software updates boost operational readiness and capabilities. Leveraging JFrog's latest tools, this approach significantly enhances operational capabilities for public sector agencies.
View Video
jfrog

Elevating DevSecOps: JFrog and GitHub's Unified Platform Experience Deepens

Oct 29, 2024 By Kristian Taernhed In JFrog
Developers are expected to write new and more complex code to create leading-edge features in new software releases at a relenting pace. To do this they are looking for help from AI assistants like GitHub Copilot to help write better code, faster. They want to write, debug, and secure their code simultaneously, driving the need for leading-edge products like Copilot Autofix.
Read Post
jfrog

Mitigating Image Integrity Violations: A Real-World Example in Runtime Environments

Oct 17, 2024 By Asaf Ezra In JFrog
In the never-ending quest to speed up software release cycles, ensuring the security and integrity of application artifacts has never been more critical. As applications are continuously built, tested, and deployed, every element of the software pipeline—from source code to container images—needs to be trusted and verifiable. A key aspect of maintaining this trust is image integrity protection and validation.
Read Post

CyberRisk Alliance: JFrog Field CISO Paul Davis on Securing Software in Today's Threat Landscape

Oct 7, 2024 By JFrog In JFrog
In this executive interview with CyberRisk Alliance, JFrog’s Field CISO, Paul Davis, discusses the growing challenges of securing development workflows and the evolving role of the CISO. With an increasing focus on information security, Paul shares insights on balancing development speed with the need for robust security in today’s software environments.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.