On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability – CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will …
While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks – including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it …
Note: This blog post was previously published on DevOps.com Imagine if the world’s most pervasive programming language, used in the majority of organizations, services, websites and infrastructure today, was itself made to be malicious? Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container… due to the popularity of …
On Sunday, June 2nd 2024, a fix commit was pushed for a vulnerability in GNU’s popular Wget tool. Two weeks later, the vulnerability was assigned the ID CVE-2024-38428 and later was classified as a critical vulnerability – with a CVSS score of 9.1. In this blog, we take a dive deep into this threat by …
Note: This blog post was previously published on Hackeroon We surveyed 1,200+ technology professionals from around the globe, including 300+ VP and C-level executives, on their AI/ML usage and software supply chain security efforts. Upon analysis, a surprising gap emerged between what executives believe is happening and what developers and engineers report is happening. Here’s …
With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing …
An organization’s software supply chain includes all the elements involved in developing and distributing software, such as components, tools, processes, and dependencies. Each link in this important chain presents the potential for security threats. Recent research conducted by Gartner shows a major increase in attacks targeting code, tools, open-source components, and development processes, particularly in …
It’s a wrap! RSA 2024 brought together cybersecurity experts, industry leaders, and innovators to delve into critical topics defining the future of digital security. One of the key themes that garnered significant attention at RSA 2024 was software supply chain security. The Growing Importance of Software Supply Chain Security With 61% of U.S. businesses directly …
Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development …
Despite organizations’ best efforts, security threats are on the rise, with malicious actors continuously evolving their tactics. Unfortunately, the situation is only intensifying as hackers from all walks of life leverage artificial intelligence (AI) and machine learning (ML) techniques. To combat these threats, security teams need to implement gates and controls throughout their entire software …
