What’s HOT in Application Security Vol #30

Sep 30, 2012 By asaphs

Hackers breach major Canadian-based control system technology supplier

Within the last few days, hackers have managed to breach a major Calgary-based technology company, Telvent Canada, known to be a major supplier of control systems for electrical grids, public water systems, public transport functions and most of Canada’s oil and pipelines. Insiders say the hacking was substantial enough to warrant the intervention of the Canadian spy service, the RCMP and the federal government’s special cyber response agency.

An even greater threat is the potential for hackers to gain remote control over major utilities, which could be extremely damaging to public services. This is a growing fear of many governments and governmental institutions.

It is not yet clear where this latest cyber-attack may have come from. The company did reveal that the corporate network breach affected ‘some customer files’. The company, however, is keeping quiet about the importance of the stolen data and whether it was significant enough to cause another potentially very damaging attack.

For more information please go to:


Arab hackers attack western sites over anti-Islamic American film

An anti-Islamic American film called ‘Innocence of Muslims’ has wrought outrage in the Middle East due to the film’s heavy insults on the Islamic prophet Mohammad. The hacking group who call themselves the Arab Electronic Army have already attacked several western sites and claimed that they would continue targeting more.

In an email sent to the Al Arabiya News Channel, the group claimed that the so-called ‘campaign to defend Allah’s prophet’ had participants from Saudi Arabia, Morocco and Syria.

Cyber-attacks from the Middle East have recently become much more prevalent. According to Reuters, this year alone Iranian hackers have reportedly attacked important American financial institutions such as Bank of America, JPMorgan Chase & Co. and Citigroup. Most of the attacks were denial of service attacks that are believed to be in retaliation for western sanctions against the pariah state.

For more information please go to:


Web applications, still third most common attack vector

Hacking as a whole is on the increase, with web applications being the third most popular attack vector. Hackers aren’t always your typical cyber criminals, looking to make easy, illegal money. Often hackers are political activists, amateurs, organized crime groups or even government agencies.

The migration to complex technology, the growing adoption of web 2.0 functionality and the powerful features of HTML5 have enabled hackers to exploit holes in web application security. The consequences of these breaches are well documented and go way beyond the compromised data. Many high-profile attacks have caused millions of dollars in losses.

Recently, it transpired that a civilian was able to gain access to the Bank of France internal data by using the password ‘123456’, which shows exactly how seriously even the largest corporations see this risk. Generally speaking, however, it is the complexity of the attack itself, combined with the type of data, that determines exactly how much damage a hacker can do.

An organization with zero vulnerabilities is one that has taken care during development, but even this is not enough: the code must then be examined after compilation to test for vulnerabilities that may not have been known at the time of development. Using this method ensures a safer web application and less embarrassment on the part of the organization. However, if your internal password is ‘123456’ and you’re one of the largest financial institutions in Europe, perhaps it’s better for you to learn from the school of hard knocks!

For more information please go to:
