Brian Moussalli
Malware Research Team Leader
Brian is a Malware Research Team Leader at JFrog Security, specializing in supply chain attacks and malicious packages, vulnerability analysis, threat intelligence research and automated threat detection. In addition to his current role, he has over 13 years of experience in cyber security, security research, reverse engineering and malware analysis.
The Latest From Brian Moussalli
CVE-2024-3094 XZ Backdoor: All you need to know
| 14 min read
Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools
Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research
On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…
New .NET Malware “WhiteSnake” Targets Python Developers, Uses Tor for C&C Communication
| 17 min read
The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for…
Attackers are starting to target .NET developers with malicious-code NuGet packages
| 12 min read
Update 2023-03-21 - We've talked with members of the NuGet team and they had already detected and removed the malicious packages in question.
Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically - there was no public evidence of severe malicious activity in the…
CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd “mod_sed” filter
| 8 min read
This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffers’ sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it…
Diving into CVE-2022-23943 – a new Apache memory corruption vulnerability
| 7 min read
A few days ago it was reported that the new Apache version 2.4.53 contains fixes for several bugs which exposed the users of the well-known HTTP server to attacks: CVE-2022-22719 relates to a bug in the mod_lua module which may lead to Denial of Service after reading from a random memory area, CVE-2022-22720 exposes…