The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Malware Civil War - Malicious npm Packages Targeting Malware Authors

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to avert potential software supply chain security threats, and reports any vulnerabilities or malicious packages discovered to repository maintainers and the wider community. Most recently we disclosed 25 malicious packages in the npm repository that were picked up by our automated scanning tools.

How We Used Our Own Platform Capabilities to Prevent Log4j Attacks and Protect Customers

In December, information security researchers discovered a serious vulnerability in the popular open-source logging library, Log4j. If exploited, this vulnerability, known as Log4Shell, could allow malicious attackers to execute code remotely on any targeted computer. Millions of computers use Log4j. According to one study, 93% of all cloud environments are affected by the vulnerability.

Fran Villalba Segarra, Internxt: "We need an internet that respects the user"

With the introduction of cloud computing services, be it the Family photo sharing feature on iPhone or documents on Google Drive, sharing information and keeping it up to date became easier than ever before. Cloud-based products require no direct resource management from the user and have ultimately become one of the most popular ways to store data, whether you’re a scholar writing an essay or a new business owner trying to build an online shop.

What is SSE vs SASE, and is SASE Dead?

Gartner introduced a new security architecture called Security Service Edge, or SSE, back in March 2021. Now finally, after a long wait, they’ve just published their first Magic Quadrant for SSE in February 2022. This begs the question, is SASE dead? To answer, we need to look at what is SSE vs SASE, and what are the challenges SSE addresses. For easy reference, Gartner created the following SSE definition.

How to secure your CI pipeline

Many enterprises still struggle to get security right. To protect their business, it is critical they focus on security during the entire infrastructure and application lifecycle, including continuous integration (CI). Developers are becoming more autonomous as they transition to a DevOps way of working, with more people requiring access to production systems.

Ivanti Security Appliance (ISA) Series: Built for Secure Access

As the Everywhere Workplace continues to expand across the world, businesses demand the solutions they choose have the security, speed, reliability and the power to handle larger and ever-more complex data while remaining easy to manage, easy to deploy and easy to maintain. As the work-from-home movement continues to ripple across every industry, ensuring employees have the tools and connectivity they need anytime, anywhere is the key to success.

Efforts to Secure OSS fired up after Log4Shell

Who would have thought software could rattle the White House? But a vulnerability in Log4j, a popular open source software project, exposed critical digital infrastructure to remote code execution attacks. This prompted the US Government to engage big tech, infosec professionals, and open source organizations to come together to help secure open source software.

Defending Your Network Infrastructure Against Attack

News over the last few years has been thick with reports of major data breaches on corporate network infrastructure. In the cases of the Panama Papers, the OPM leak, and the Hacking Team leak, the results were catastrophic leaks of extremely confidential information. In truth, a determined and well-resourced attacker can always find a way in.