Posts by Sarah Vonnegut:

This Week in AppSec: December 23–29, 2013

Dec 29, 2013 By Sarah Vonnegut | Christmas week did not exactly bring out the best in some this year – especially when it came to breaches and vulnerabilities. Between Target’s mess of 40M customer records breached, Snapchat’s security fail, Samsung’s vulnerability and Dogecoin’s first hack on Christmas Day, the last full week of 2013 was not Application Security’s best. Let’s take a look, shall we?

The Grinch Who Stole Christmas – And 30 Million Dogecoins

Dec 26, 2013 By Sarah Vonnegut | Hundreds of owners of the cryptocurrency Dogecoin awoke on Christmas to a not-so-cheery discovery: their digital wallets had been cleared out. Someone has stolen at least 30 million Dogecoin from Dogewallet.com, one of the largest sites being used to hold Dogecoins. The discovery came after Dogecoin forum users began posting complaints that their funds were disappearing without their authorization. The attack apparently targeted the site itself, with the hacker modifying the site’s receiving page to ensure transactions went straight to the thief’s account. The site has since been shut down and the site’s owners are now investigating the digital robbery.

4 Innovations Alan Turing Contributed To Computer Science (And The World In General)

Dec 24, 2013 By Sarah Vonnegut | “Can machines think?”
Or “can machines do what we (as thinking entities) can do?” Eerie questions to ponder, especially in these tech-forward days with drones that hack other drones mid-air, robots that move like animals, and whatever new thing Apple comes out with. But it’s a question that was first posed to the world 77 years ago, before the first computer was even designed – and way before Siri could ask how she could help us.

This Week In Application Security: December 16-22, 2013

Dec 22, 2013 By Sarah Vonnegut | If we’re measuring it in cyber-drama, it’s certainly a holiday season to remember! The past week saw what is potentially the most damaging data breach of 2013 with over 40 million Target customers at risk of credit fraud. On top of that, a major media site got hit for the third time in the same number of years, Israeli-security firm RSA had an NSA kind of week, and a report exposed a newly discovered type of side-channel attack using just your computer’s sound to decrypt sensitive data.

Black Friday Breach Nightmare: At Least 45 Million Target Customers Affected

Dec 19, 2013 By Sarah Vonnegut | Target’s famous bullseye logo attracted some malicious arrows over the holiday shopping season as the national retail chain was the target of a major data breach that may be much more serious than first thought as details emerge.
The data breach will potentially affect hundreds of thousands, perhaps millions, of Target customers who shopped in-store at any of the American retail giant’s 1,800+ locations in the U.S. and Canada between Black Friday and December 15th. Brian Krebs, who first reported on the story on his blog, spoke with several sources that corroborated the same story: Target is currently working with the Secret Service to determine the perpetrators, cause, and outcome of an incident in which the data stored on customers’ magnetic card stripes was stolen.

Dept. of Energy Breach: What Went Wrong & Key Takeaways

Dec 17, 2013 By Sarah Vonnegut | The Department of Energy (DOE) has released more details about the July 2013 DOE Employee Data Repository (DOEInfo) incident in which the Personally Identifiable Information (PII) of at least 100,000 past and current federal employees – but possibly as high as 150,000 – was exposed. According to the 28-page review conducted by Gregory H. Friedman, the DOE’s inspector general, leaked details included full names, social security numbers, birth dates and places, security questions and answers, education and even details of employee disabilities.

Application Security News – December 9 – 15, 2013

Dec 15, 2013 By Sarah Vonnegut | In this week’s AppSec digest, NSA agents spy on World of Warcraft Orcs, Facebook acts like a Nosy Nancy, Gmail auto-downloads all your advertise – I mean images, and CryptoLocker copycats emerge. Get informed about the latest news in security and start your week out fresh.

5 Recommendations From Top CISO’s For A More Secure Future

Dec 12, 2013 By Sarah Vonnegut | 19 of the top CISOs and security executives from around the world came together to give their advice on what security teams should be focusing on in the New Year. This week, the Security for Business Innovation Council (SBIC) released an in-depth report expounding on the suggestions. The major industry thought leaders included FedEx CISO and VP of Information Security Denise D. Wood, Coca Cola’s CISO Renee Guttmann, and Intel Chief Security and Privacy Officer Malcolm Harkins, among other security big shots.

Faux Google SSL Certificates Issued By Finance Ministry in France

Dec 10, 2013 By Sarah Vonnegut | Google spoke out this week after security engineers discovered fake SSL certificates linked to a French government agency earlier this month. On December 3rd, security engineers found that a government agency in France was using unauthorized digital certificates on various Google domains, including Gmail, which allowed the agency to act as a man-in-the-middle for private domains and sites it did not own.
