Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

JFrog

Risk Mitigation Strategies for Tcp/IP Vulnerabilities in OT

Sep 4, 2021 By JFrog In JFrog
JFrog in collaboration with Forescout Research Labs recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.
View Video
jfrog

It's Time to Get Hip to the SBOM

Aug 24, 2021 By Bill Manning In JFrog

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials , or SBOM, graduated from a “nice to have” to a “must have.” Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software Development Lifecycle).

Read Post
jfrog

A Year of Supply Chain Attacks: How to Protect Your SDLC

Aug 20, 2021 By Juan Perez In JFrog

One of the most worrisome trends in cybersecurity today is the skyrocketing incidence of supply chain attacks, such as the ones that hit SolarWinds last year and Kaseya more recently. Because they focus on compromising software development and delivery, supply chain attacks have forced developers and DevOps teams to scramble for solutions. Unfortunately, supply chain attacks are particularly challenging to prevent, detect and remediate, and, because of their stealthy nature, are often devastating.

Read Post
jfrog

How to protect your secrets with Spectral and JFrog Pipelines

Aug 17, 2021 By Batel Zohar In JFrog

Thousands of secrets leak daily on public git repositories, including over two million corporate secrets in 2020 alone. This can happen to anyone! For example, in January 2021, an Amazon cloud engineer accidentally committed almost a gigabyte worth of sensitive data that included their own personal documents, as well as passwords and cryptographic keys to various AWS environments on his personal GitHub repository.

Read Post
jfrog

INFRA:HALT 14 New Security Vulnerabilities Found in NicheStack

Aug 4, 2021 By Asaf Karas, Shachar Menashe and Denys Vozniuk In JFrog

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack.

Read Post
jfrog

Bring Xray Out of the Box with Dependency and Binary Scanning

Jul 30, 2021 By Paul Garden In JFrog

Shifting left security means you, the developer, catching and fixing vulnerabilities and license violations early in the SDLC. That’s why Xray scans binaries pushed to Artifactory by your builds, and alerts you when there are issues with your dependencies. But catching them earlier, even before checking in code, can be important for developers shifting left.

Read Post
jfrog

JFrog detects malicious PyPI packages stealing credit cards and injecting code

Jul 29, 2021 By Andrey Polkovnichenko, Omer Kaspi and Shachar Menashe In JFrog

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure.

Read Post

Vdoo & JFrog - Enhanced Security From Code To The Edge

Jul 22, 2021 By JFrog In JFrog
Join this webinar to learn more about JFrog’s announced acquisition of Vdoo! Together JFrog and Vdoo are the creators of a hybrid product security platform that automates multidimensional security tasks throughout the entire build and release cycle - and how JFrog and Vdoo plan to integrate their technologies to further the secure Liquid Software vision. Imagine if you had access to streamlined, consolidated and comprehensive security data in one platform that helped developers and security teams identify and fix their most critical issues rapidly.
View Video

Deep-dive into Open Policy Agent + Conftest + GateKeeper - Shimon Tolts & Noaa Barki

Jul 21, 2021 By JFrog In JFrog
Yalla! DevOps 2021 -- The first, in-person DevOps conference of the year! Driven by the DevOps community. All about the DevOps community. Deep-dive into Open Policy Agent + Conftest + GateKeeper: Kubernetes Policy in action In this session, we will do a deep-dive session into: Open Policy Agent, Conftest, and GateKeeper. We will show real-life use cases of how to use those technologies in production in order to configure and enforce a centralized policy for Kubernetes Shimon and Noaa will present both sides of the dev stack, DevOps and Developers.
View Video

JFrog And Red Hat DevSecOps Security Series

Jul 6, 2021 By JFrog In JFrog
Accurately detecting and mitigating security vulnerabilities is critical for any enterprise. JFrog’s ongoing collaboration with Red Hat provides the DevOps community with enterprise-grade DevSecOps capabilities, enabling you to deliver high-quality, and more secure software, anywhere. As part of the Red Hat DevSecOps Security Series, Join us on July 1st for JFrog & Red Hat’s perspective on application analysis and how JFrog’s recently achieved Vulnerability Scanner Certification helps identify vulnerabilities in applications, images and configurations early in your lifecycle.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.