Black Hat USA 2022 video walkthrough

In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal Security, Adaptive Shield, Airgap, Akamai, Anomali, Arctic Wolf Networks, Aris…

A 10-point plan to improve the security of open source software

The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by…

Malicious Python packages employ advanced detection evasion techniques

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times. This is not the first time that malicious packages have been succ…

JFrog collaborates with Slack to raise awareness of important software development events

JFrog released a new Slack integration for JFrog Artifactory and JFrog Xray. The new JFrog app for Slack allows developers to raise awareness of important software development events – such as new security vulnerabilities or license compliance vi…

Dependency Combobulator: Open source toolkit to combat dependency confusion attacks

Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, allows organizations to safeguard against this newly uncovered type of risk, whi…

JFrog receives CNA certification to help security researchers verify and triage their vulnerabilities

JFrog announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). With this certification, JFrog joins an elite group of public and private sector organizations authorized to assign CVE identification numbers to newly discov…

Vulnerable TCP/IP stack is used by almost 200 device vendors

Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack (aka InterNiche) TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. “Other major OT device vendors, such as Emerson, Honeywell, M…

DevOps platform JFrog acquires AI-based IoT and connected device security specialist Vdoo for $300M

JFrog, the company best known for a platform that helps developers continuously manage software delivery and updates, is making a deal to help it expand its presence and expertise in an area that has become increasingly connected to DevOps: security. The company is acquiring Vdoo, which has built an AI-based platform that can be used […]