Collaborate Disseminate
In this Help Net Security video, we take you inside Black Hat USA 2022 at the Mandalay Bay Convention Center in Las Vegas. The video features the following vendors: Abnormal Security, Adaptive Shield, Airgap, Akamai, Anomali, Arctic Wolf Networks, Aris… Continue reading Black Hat USA 2022 video walkthrough
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a 10-point plan to broadly address open source and software supply chain security, by… Continue reading A 10-point plan to improve the security of open source software
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times. This is not the first time that malicious packages have been succ… Continue reading Malicious Python packages employ advanced detection evasion techniques
JFrog released a new Slack integration for JFrog Artifactory and JFrog Xray. The new JFrog app for Slack allows developers to raise awareness of important software development events – such as new security vulnerabilities or license compliance vi… Continue reading JFrog collaborates with Slack to raise awareness of important software development events
Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, allows organizations to safeguard against this newly uncovered type of risk, whi… Continue reading Dependency Combobulator: Open source toolkit to combat dependency confusion attacks
JFrog announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). With this certification, JFrog joins an elite group of public and private sector organizations authorized to assign CVE identification numbers to newly discov… Continue reading JFrog receives CNA certification to help security researchers verify and triage their vulnerabilities
Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack (aka InterNiche) TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. “Other major OT device vendors, such as Emerson, Honeywell, M… Continue reading Vulnerable TCP/IP stack is used by almost 200 device vendors
JFrog announced that it has entered into a definitive agreement to acquire Vdoo Connected Trust in a cash and stock-based deal valued at approximately $300 million. JFrog has accelerated its efforts to provide security offering to support DevOps users … Continue reading JFrog to acquire Vdoo to expand its end-to-end DevOps platform offering
JFrog, the company best known for a platform that helps developers continuously manage software delivery and updates, is making a deal to help it expand its presence and expertise in an area that has become increasingly connected to DevOps: security. The company is acquiring Vdoo, which has built an AI-based platform that can be used […] Continue reading DevOps platform JFrog acquires AI-based IoT and connected device security specialist Vdoo for $300M
JFrog announced Private Distribution Network at its annual DevOps user conference swampUP. A new innovative capability of JFrog Distribution, part of the JFrog DevOps Platform, Private Distribution Network enables enterprises to easily set up and manag… Continue reading JFrog Private Distribution Network accelerates large-scale application delivery