Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times. Today, we will share details about 11 new malware packages that …

Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog

Background: Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find …

23andMe’s Yamale Python code injection, and properly sanitizing eval()

Background: The JFrog security research team (formerly Vdoo) has recently disclosed a code injection issue in Yamale, a popular schema validator for YAML that’s used by over 200 repositories. The issue has been assigned CVE-2021-38305. The injection issue: An attacker that can control the contents of the schema file that’s supplied to Yamale (-s/--schema command …

INFRA:HALT 14 New Security Vulnerabilities Found in NicheStack

NicheStack is a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices around the world, including in critical infrastructure such as manufacturing plants, power generation/transmission/distribution, water treatment, and more. JFrog’s security research team (formerly Vdoo), together with Forescout Research Labs, recently discovered 14 new security vulnerabilities affecting the NicheStack TCP/IP stack. These …

JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code

Software package repositories are becoming a popular target for supply chain attacks. Recently, there has been news about malware attacks on popular repositories like npm, PyPI, and RubyGems. Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure. Sometimes malware packages are allowed to be uploaded to the package repository, …

Revisiting Realtek – A New Set of Critical Wi-Fi Vulnerabilities Discovered by Automated Zero-Day Analysis

On February 3rd 2021, we responsibly disclosed six critical issues in the Realtek RTL8195A Wi-Fi module, a popular Wi-Fi card found in numerous connected devices such as home and industrial appliances. Following that successful detection and disclosure, we expanded our analysis to additional modules. This new analysis resulted in two new critical vulnerabilities discovered by …

Python wheel-jacking in supply chain attacks

Recently, a novel supply chain attack was published by security researcher Alex Birsan, detailing how dependency confusion (or “namesquatting”) in package managers can be misused in order to execute malicious code on production and development systems. Background – dependency confusion & Birsan’s attack: In short, most package managers such as pip and npm do not …

Enterprise DevOps: 5 Keys to Success with DevOps at Scale

After getting a taste of DevOps’ benefits, enterprises naturally seek to widen its adoption. However, the tooling and processes that work for small-scale use cases often fall short when teams try to scale DevOps efforts. You must support all your different teams, toolsets, applications, processes, workflows, release cycles and pipelines — both legacy and cloud …

Major Vulnerabilities Discovered and Patched in Realtek RTL8195A Wi-Fi Module

In a recent supply chain security assessment, the JFrog security research team (formerly Vdoo) analyzed multiple networking devices for security vulnerabilities and exposures. During the analysis we discovered and responsibly disclosed six major vulnerabilities in Realtek’s RTL8195A Wi-Fi module that these devices were based on. An attacker that exploits the discovered vulnerabilities can gain remote …

CVE-2020-25860 – Significant Vulnerability Discovered in RAUC Embedded Firmware Update Framework

JFrog’s security research team (formerly Vdoo) is constantly researching leading embedded devices and their supply chain. As part of this research, we discovered CVE-2020-25860, a potentially critical vulnerability with a CVSSv3 score of 8.8 in Robust Auto-Update Controller (RAUC), an open-source framework for firmware updates. JFrog has responsibly disclosed this vulnerability and has worked closely with …