JFrogプレスルーム

The security holes, discovered by researchers from ​​Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service (DoS) attacks, information leaks, TCP spoofing, and DNS cache poisoning. 

Security researchers from security teams at Forescout and JFrog have disclosed today 14 vulnerabilities that impact a popular TCP/IP library named NicheStack commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more than 200 vendors.

Malicious libraries capable of lifting credit card numbers and opening backdoors on infected machines have been found in PyPI according to the JFrog security research team.

Security researchers blame the repository’s lack of moderation.

The discovery is the latest in a long line of attacks in recent years that abuse the receptivity of open source repositories, which millions of software developers rely on daily. 

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code. 

The acquisition delivers end-to-end continuous security from development to device in a unified DevOps platform

JFrog today announced that it will report financial results for the second quarter of fiscal year 2021 on Thursday, August 5, 2021.

DevOps platform provider JFrog is touting its new Private Distribution Network (PDN) as an “industry first,” because it allows DevOps teams to accelerate application updates.