The banking and fintech industries live and die on the reliability of the online services they offer. It’s vital that the sensitive data that the industry handles is robustly protected, and that the software and applications that it uses are secure. For effective software and application security, it’s critical that banking and fintech organizations rapidly detect, identify, and remediate software vulnerabilities.

Kubernetes adoption has rocketed into ubiquity. At this point, 96 percent of organizations are either using Kubernetes for container orchestration or evaluating its use, according to the latest Cloud Native Computing Foundation annual survey. But this doesn’t mean that Kubernetes isn’t without security risks. The flexibility of container applications and their capability to carry discrete components that interact over the network present security challenges.

Our research team here at Mend has identified a new kind of malicious code that attackers can use to exploit genuine concerns about security and licenses. The code in the case below is used to prevent people from using unlicensed software, specifically by removing the code if it detects that the software is not licensed during the deployment stage. The code is tricky to understand and uses a web request to check if the software is being used legally.

At this point, it’s not too much to say that open source software runs the world. The GitHub Octoverse 2022 report shows that 90 percent of companies use open source, which appears in the vast majority of applications today.

The ongoing rise in open source vulnerabilities and software supply chain attacks poses a growing threat to businesses, which heavily rely on applications for success. Between 70 and 90 percent of organizations’ code base is open source, while vulnerabilities such as Log4j have significantly exposed organizations to cyberattacks.

The ongoing rise in open source vulnerabilities and software supply chain attacks poses a significant risk, and it will only increase. According to the Mend Open Source Risk Report, modern security best practices such as software composition analysis (SCA) are vital for stemming the rising tide of open source vulnerabilities in applications and software.

Attacks targeting the software supply chain are on the rise. Indeed, data from the Mend Open Source Risk Report shows a steady quarterly increase in the number of malicious packages published in 2022, with a significant jump in Q3, which jumped 79 percent from Q2. The European Cybersecurity Agency (ENISA) predicts that supply chain attacks will increase fourfold by 2022.

Application security is an essential part of the software development lifecycle, and getting it right should be a top priority in today’s ever-evolving and expanding digital ecosystem. Application security is the practice of protecting your applications from malicious attacks by detecting and fixing security weaknesses in your applications’ code.

Although it’s the holiday season, the festive spirit doesn’t extend to cyber attackers, who consider this a great opportunity to cause havoc. But the Mend research team doesn’t rest, and remains alert for threats and vulnerabilities. Our vigilant team has detected an attack on npm packages that utilized typosquatting to compromise nearly 300 NPM packages. Let’s take a look at the nature of the attack and what we did to protect our systems and our users.

Software applications are the weakest link when it comes to the security of the enterprise stack. In The State of Application Security, 2022, Forrester reports that the majority of external attacks occur either by exploiting a software vulnerability (35 percent) or through a web application (32 percent). Source: Forrester: The State of Application Security 2022