In this, the second of three blog posts, we continue to examine the issues discussed in our recent webinar, “Software and Application Security Challenges and Opportunities in Banking.” In the webinar, Rhys Arkins, Mend’s VP of Product Management, was joined by James McLeod, Director of Community of the Fintech Open Source Foundation (FINOS); Kate Stewart, VP of Dependable Embedded Systems at the Linux Foundation; and Amol Shukla, Executive Director of Engineering at Morgan Stanley, to
This post offers details on the Control Web Panel Vulnerability, CVE-2022-44877, which is actively being exploited in the wild. If you are using Control Web Panel in any version below 0.9.8.1147, make sure to patch as soon as possible. While CVE-2022-44877, a critical vulnerability affecting Control Web Panel (a popular free, closed-source, web-hosting interface), has received an official patch on October 25th 2022, evidence of active exploitation of the vulnerability are starting to accumulate.
Adopting cloud technologies is one of the most common tech strategies followed by modern organizations. This may be due to various reasons depending on the nature of the business. But there are a few standard components that span across most domains, not least the fact that cloud vendors allow developers to easily create and take down resources on the cloud with minimal effort.
Organizations are facing a variety of software-related risks, and vulnerabilities introduced in the development process are just one of them. The sooner they can figure out where these risks exist and how to address them, the better they can mitigate them and bolster their overall cybersecurity profile. In a series of posts, we will take a look at some of the key software risks organizations are grappling with today. First up: vulnerability risk that emerges during software development.
The banking and fintech industries live and die on the reliability of the online services they offer. It’s vital that the sensitive data that the industry handles is robustly protected, and that the software and applications that it uses are secure. For effective software and application security, it’s critical that banking and fintech organizations rapidly detect, identify, and remediate software vulnerabilities.
I predict that 2023 will be the year of Passkeys. Passkeys are a new passwordless authentication method allowing users to create online accounts and sign in without entering a password. Passkeys have been years in the making and finally, industry fido alliance collaboration (fido2) and the adoption between Apple, Microsoft, and Google have now made it a reality. Passkeys leverage the WebAuthn API to let users log into various websites and applications.