Posts by Sarah Vonnegut:

The Sochi Hacking Scare Take Down & The Rest of The Week's Best

Feb 09, 2014 By Sarah Vonnegut | This week, NBC got called out for a slightly exaggerated report of hacking in Sochi (hint: they weren’t even in Sochi); SnapChat got hit with another vulnerability report; Target was hacked via their A/C and heat guys and more. Here’s a short n’ sweet version of the week’s news you may have missed.

Facebook Almost Hacked By The SEA: “Happy Birthday, Mark!”

Feb 06, 2014 By Sarah Vonnegut | The notorious hacker group Syrian Electronic Army (SEA) is stirring up trouble again, this time with Facebook. Overnight, the group claimed to pwn the Facebook.com domain, posting a screenshot of the WHOIS info on its Twitter. ‘Happy Birthday Mark,’ the tweet taunted, referring to Facebook’s recent 10th birthday. The registrant data indeed reflected that the email address had been changed to a Syrian Gmail account. 

Patch It Up Pronto! Critical Zero-Day Update For Adobe Flash

Feb 04, 2014 By Sarah Vonnegut | After discovering a previously unknown remote exploit, Adobe Systems, Inc. has released a critical security patch for Flash Player. They are urging all users to download the latest version as soon as possible. The security bulletin said that the updates are meant to address a critical security vulnerability that would allow a malicious attacker to remotely exploit the affected computer. Adobe said they are aware of reports stating that this exploit exists in the wild.

The Harrowing Tale of the Hack of @N & the Week’s Other Big Security Stories

Feb 02, 2014 By Sarah Vonnegut | A full plate of social engineering, another serving of Syrian Electronic Army mischief and a dessert course of ChewBacca malware made the security menu this week. It was the week we learned how far one will go to keep, and to steal, a monosyllabic Twitter handle, what grudge the SEA holds against PayPal and more – take a few minutes and catch up with all you missed!

Credit Card Breach Being Investigated By Hotel Management Co.

Feb 01, 2014 By Sarah Vonnegut | A company that manages some of the biggest name-brand hotel franchises across the U.S., including Hilton, Westin, Marriott and Sheraton, has apparently been dealing with a potential data breach in which thousands of guests’ credit card data was stolen over a period of at least nine months.

NSA Uses Angry Birds, Google Maps, & Other ‘Leaky’ Apps To Spy

Jan 28, 2014 By Sarah Vonnegut | We’re already well informed of just how far-reaching the NSA’s data-tapping techniques are, but newly published leaks have taught us more methods to the NSA madness. According to new documents furnished by Edward Snowden, the NSA and its British counterpart GCHQ have been tapping into commercial data troves collected by popular smartphone apps like Angry Birds and Google Maps, as well as by their third-party advertisers. The information ranges from your gender to where you’re located to where you’re planning on going – and more.

Crafty Hackers & Other AppSec Stories This Week

Jan 26, 2014 By Sarah Vonnegut | Breaches seem to be hitting every country across every industry these days. This week was no better. Not only did the biggest craft store in the U.S. disclose a breach affecting an unknown number of credit card users, but nearly 40% of South Koreans as well as 16 million Germans are dealing with the effects of major breaches in each of those countries. With the list of 2013’s worst and most overused passwords wrapping up the week’s news, let’s hope the rest of 2014 is a more secure year.

Google Turns Deaf Ear to Speech Recognition Exploit in Chrome

Jan 23, 2014 By Sarah Vonnegut | Each new technology seems to emerge together with exploitable baggage. Speech recognition, for example, is being used in rising technologies from Siri to smart homes and is evolving quickly. While speech recognition has the potential to make life much easier and quicker, like any technology it comes with flaws. In this case, the flaw is a Chrome browser exploit involving Google’s speech recognition technology that was discovered and reported to Google, and that has yet to be fixed.

Preparing the Cyber-Cops of Tomorrow: Interview with Giovanni Vigna

Jan 22, 2014 By Sarah Vonnegut | Each year, hundreds of hackers gather in computer labs around the world. Their goal? Like any other hackers, they set out to manually exploit application- and network-level flaws in servers across the globe. If it sounds malicious, that’s only because it mimics the real-world vulnerability exploitation that happens every day. In fact, this particular activity is meant to be educational – and the hackers in question are actually students hacking from their universities.
This year, 123 teams from around the world simultaneously connected to UCSB’s servers from their respective countries for the iCTF ‘Capture the Flag’ competition. The theme was “Nuclear Cyberwar,” and each team had to patch and secure its own nuclear enrichment plant before trying to hack the other teams’ systems by seeking out and exploiting system flaws.
The competition grew organically out of Vigna’s advanced computer security classes as well as his own experience with CTFs; in fact, his team, Shellfish, won the 2005 DefCon Capture the Flag. As a professor, Vigna would hold a vulnerability analysis contest at semester’s end, where half the class acted as attackers and the other half as defenders. It soon turned into a hacking contest and then became so popular that other professors took notice. The rest is hacking history. The competition has grown from 12 students in the U.S. to 1,300 participants from 40 different countries this year.