According to a McClatchy-Tribune report this month “Chinese attempts to collect U.S. technological and economic information will continue at a high level and will represent a growing and persistent threat to U.S. economic security.” The FBI, Department of Homeland Security and the Justice Department’s national security division have raised concerns in granting an international service license to China Mobile, making it easier for China to spy on the U.S. or steal intellectual property from U.S. companies.
Cyber-security must gain consciousness amongst the public; a survey found that the nation’s Internet Security awareness had fallen 35 points since last year. That means Americans went from being “seriously concerned” about cyber threats to “moderately concerned.” unfortunately this deterioration appears at a time when malware targeting mobile devices used to access the Web are soaring.
Over the past year there has been a large increase in downloading applications from Apples App Store, which allow users to easily send and receive money. Gartner predicts that by 2014 there will be more than 70 billion mobile application downloads each year.
Understanding this, we would expect concurrant growth in security concern or at least for it to be a top priority. Surprisingly results of a small survey that was held amongst 200 developers showed that security was placed on the bottom of their priority list after, functions and features as specified or envisioned, performance, usability, uptime and maintainability.
The developers of Ruby on Rails, successfully identified a big vulnerability which was facilitating their attackers to execute SQL commands on the database server. An SQL Injection attack can prompt the database to cough up sensitive information or allow the hacker to read unauthorized information.
The vulnerability exists in a few of their versions and was only exposed when using nested query parameters.
A further weakness with query generation was also found.
For more information please go to:
According to the Verizon 2012 Data Breach Investigations Report, more than 1 billion records have been compromised due to breaches and only eight percent of breaches were discovered internally. The recommended method of preventing vulnerabilities is by integrating a secure coding tool into the software development life cycle (SDLC) process. Many organizations that focus on improving security software such as OWASP, agree that static and dynamic application testing is the most effective process, preventing over 90 percent of the problems.
PC- World is taking responsibility for whatever it was that went wrong this past Thursday evening and early Friday morning preventing users access to their Facebook accounts. Users were asked to reenter their credentials a number of times, packets were being lost at Facebook locations all around the globe and checkpoints were unavailable in San Francisco and Moscow. During the service disruptions an unknown host message was posted to YourAnonNews Twitter account which read- “Oh yeaha| RIP Facebook a new sound of tango down bi….s”.
Despite the increased vigilance in cyber-attacks, breaches continue to be relatively common in particularly amongst universities. An undergraduate student is responsible for a breaking into a university database and revealing the information of over 650,000 students, parents and employees. The system that was built over a three-year period at a cost of $29.9 million is based on Oracle’s PeopleSoft Enterprise Campus Solution platform. This system is currently being used by more than 800 universities in 20 different countries. Earlier this year personal records of approximately 350,000 students, at the University, were exposed and accessible over the Internet because of a system misconfiguration.
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.