Top JFrog Security Research Discoveries of 2024

In 2024, reported vulnerabilities rose by an alarming 40%, exceeding 40,000 CVEs, prompting the JFrog Security Research team's critical assessments of threats to application security. The team highlighted significant vulnerabilities in MLOps platforms, Docker Hub repositories, and open-source libraries that expose users to possible malware and exploitation. Affected: MLOps platforms, Docker Hub, Python Software Foundation, Hugging Face, PyPI, X.Org libX11, XZ Utils

Key points:

  • 40% increase in reported vulnerabilities, reaching over 40,000 CVEs in 2024.
  • The JFrog Security Research team emphasizes the importance of protecting software code, including machine learning models.
  • Inherent and implementation vulnerabilities in MLOps platforms were identified.
  • Discovery of ~4.6 million imageless repositories in Docker Hub posing potential phishing threats.
  • Leaked GitHub access token discovered in a public Docker container, risking broad access to repositories.
  • Vanna.AI library found to allow remote code execution through crafted prompts.
  • Malicious model uploaded to Hugging Face providing attackers with backdoor access to systems.
  • “Revival Hijack” attack method identified that can exploit 22K PyPI packages.
  • Two vulnerabilities in X.Org libX11 could lead to denial-of-service and remote code execution.
  • Unauthorized remote SSH access detected in XZ Utils, a trusted package, showcasing supply chain threats.

MITRE Techniques:

  • Execution (T1203) – Remote code execution possible through vulnerabilities in machine learning libraries and other software.
  • Credential Dumping (T1003) – Access tokens leaked via public repositories may lead to credential exposure.
  • Phishing (T1566) – Imageless Docker Hub repositories aim to deceive users into visiting malicious sites.
  • Supply Chain Compromise (T1195) – Attacks targeting the integrity of software packages like XZ Utils.
  • Remote Access (T1210) – Unauthorized SSH access enabled by malicious code in trusted software.

Full Story: https://jfrog.com/blog/top-jfrog-security-research-discoveries-of-2024/