Cybernews / Mend: It’s No Longer a Matter of ‘If’, but ‘When’ an Organization Will Be Targeted by Threat Actors
Daniel Elkabes, lead security researcher at Mend sat down with CyberNews to discuss security best practices for addressing threats.
Read about application security, DevSecOps, license compliance, and software supply chain security.
Mend security has uncovered malicious packages using hex encoding and delayed execution
Risks from application vulnerabilities have multiplied as more applications get developed. To address this issue, Static Application Security Testing (SAST) identifies security vulnerabilities in the custom code written by application developers. Simultaneously, Software Composition Analysis (SCA) safeguards the open-source components that comprise between 60% and 80% of the codebase in modern applications. Join Susan St.Clair,...
Volunteer delegation and charitable donations made to aid those fleeing the crisis in Ukraine.
Learn 3 best practices for effective remediation of the Spring4Shell zero-day vulnerability.
From the factory floor to online shopping, the benefits of automation are clear: larger quantities of products and services can be produced much faster. But automation can also be used for malicious purposes, as illustrated by the ongoing software supply chain attack targeting the NPM package repository. By automating the process of creating and publishing...
CVE-2022-22965, a zero-day RCE vulnerability known as Spring4Shell, has been found in the popular Spring framework for Java apps.
Learn how to set a benchmark of false positives with SAST tools. Know how to measure the success of SAST tools. Understand how Mend SAST Helps.
Discover the top Static Application Security Testing (SAST) solutions, their key features, and what makes a great SAST tool.
How prepared was your firm to handle the Log4j vulnerability that was announced in December 2021? The best firms were prepared and loaded for bear, and they completely mitigated and remediated their risk within hours of the announcement. What can you learn from their approach and how can you prepare for the next inevitable widespread...
Learn the effects of SAST false positives. Know their common causes. Understand how to address them without sacrificing software quality and security.
Learn how the most popular JavaScript package manager, npm, is being used by malicious actors to launch attacks, run botnets and steal credentials and cryptocurrency. Attend this webinar to: gain insight into the 1,300 malicious npm packages found by WhiteSource Diffend; learn how threat actors are using npm packages to launch attacks, and how to stop them...
Understand the types of Ruby supply chain attacks. Learn the best practices for preventing supply chain security risks in your Ruby projects.
Historically, if organizations wanted to automate and enforce application security testing, the best place to do that was within CI/CD pipelines. As time went on, we realized that while pipeline scanning has its place in securing applications, it doesn’t scale as more and more plugins are needed and with that, the task of managing them...
Learn how to implement a software supply chain risk management strategy in your enterprise. Discover risk management best practices, benefits, and more.
Both SAST and SCA tools address software vulnerabilities: SCA covers open source code, while SAST covers proprietary code. Here are 7 main differences between the two.
Mend Static Application Security Testing (SAST) technology is the first to automatically remediate security vulnerabilities as well as identify them. CEO Rami Sass explains why and how Mend launched this SAST solution, and the value it brings.
Mend Supply Chain Defender detected and reported more than 1,300 malicious npm packages in 2021, and its researchers have developed this list of facts that are vital to understanding npm package security.
Mend Supply Chain Defender detected a new release of a package called @maui-mf/app-auth that used an attack vector similar to the server-side request forgery (SSRF) attack against Capital One in 2019.
Key information about a severe flaw (CVE-2021-44142) in the popular freeware Samba, which enables remote attackers to execute arbitrary code with the highest privileges on affected installations. Discover how it works and how Mend thwarts it.
Join us to learn about typical time frames for NPM vulnerability detection and how to find the quickest and least painful path to remediation.
What you should know about an improper implementation of the pkexec tool in polkit: an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how Mend thwarts it.
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022.
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
The announcement of Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
Mend Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity.
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.
Automated Log4j Remediation Rules Now Available for Mend Renovate and Remediate.
The Log4Shell vulnerability can also impact Ruby and other non-Java applications. Here’s what you need to know.
As Kubernetes adoption grows, its attack surface expands with it, allowing bad actors to find and exploit vulnerabilities in the cloud-native stack. In addition, the complexity of Kubernetes and the lack of proper security controls make the attacks targeting Kubernetes clusters and containers hosted in them a real risk for organizations. With the threat landscape...
When the zero-day vulnerability in Log4j was reported, most organizations immediately sprung into action. But anyone who’s dealt with a vulnerability this critical and ubiquitous in an enterprise organization knows it’s not an easy task. Even with the right tools and policies, mitigating this type of threat is always a challenge. In this webinar, our...
What you need to know about Log4j Vulnerability CVE-2021-45105, and how to remediate it.
What you need to know about Log4j Vulnerability CVE-2021-45046, and how to remediate it.
Research shows that open source supply chain attacks are now the #2 most common attack vector. The breach of SolarWinds showed just how devastating a software supply chain attack can be. Protecting the software supply chain is a complex challenge that includes code signing, identity and access management, policy and software composition analysis (SCA).
How to remediate the newly published critical vulnerability in Apache’s widely popular Log4j Java library, CVE-2021-44228.
When you ask developers their thoughts on security, they’ll likely tell you security is slowing them down and getting in the way of their ‘actual’ job. But it doesn’t have to be that way; with the right tools and processes in place, the friction between developers and security teams can be reduced, if not eliminated...