
Jonathan Sar Shalom

Director of Threat Research

Jonathan is the Director of Threat Research at JFrog Security. His background includes more than 13 years in cyber security, with experience in security research, reverse engineering, and malware analysis. He currently leads the Threat Research team at JFrog Security, specializing in vulnerability analysis, threat intelligence research, and automated threat detection.

The Latest From Jonathan Sar Shalom

  • CVE-2024-3094 XZ Backdoor: All you need to know

    | 14 min read

    Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools. Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research. On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

  • Detecting Malicious Packages and How They Obfuscate Their Malicious Code

    | 14 min read

    Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines. In the prior posts: We explained what software supply chain attacks are and learned the…

  • Turns out 78% of reported common CVEs on top DockerHub images are not really exploitable

    | 15 min read

    Research motivations: Similarly to our previous research on “Secrets Detection,” during the development and testing of JFrog Xray’s new “Contextual Analysis” feature, we wanted to test our detection in a large-scale real-world use case, both for eliminating bugs and testing the real-world viability of our current solution. However, unlike the surprising results we got in our…

  • Common Payloads Attackers Plant in Malicious Software Packages

    | 9 min read

    In this third post in our series on Malicious Software Packages, we’ll focus on the aftermath of a successful attack and how the attacker executes payloads to serve their needs through various real-life scenarios. Before we start, let’s review a few highlights from the second post you might've missed: There are common types of infection methods…

  • Five Examples of Infection Methods Attackers Use to Spread Malicious Packages

    | 13 min read

    Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them. If you missed the first blog, here are some key takeaways: Third-party software packages contain vulnerabilities or malicious code delivered through…

  • Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

    | 7 min read

    Welcome to the first post in the malicious software packages series for the DevOps and DevSecOps community. This technical series will focus on various malicious packages and their effects on the software supply chain. We’ll dive deeper into malicious packages in each post, including: Defining software supply chain attacks and learning the critical role that malicious…

  • The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines

    | 7 min read

    Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of…
