Posts by Sharon Solomon:


7 Tips For Choosing The Right Tool To Secure Your Application

May 14, 2014 By Sharon Solomon | With more and more leading applications and websites being hacked, internet users are thinking twice before sharing personal information online. With hacktivism, commercial espionage and criminal hacking on the rise, it has become extremely crucial to safeguard databases and make sure that adequate application-layer security is in place. Unfortunately, the responsibility for providing this security often falls on the narrow shoulders of the QA teams. Operating under tight deadlines, they already have their hands full and eventually fail to address the glaring security issues. Not all companies have the resources needed to enjoy the services of staff trained to tackle vulnerabilities. Even hiring skilled security professionals is not always “pocket-friendly”. But there is good news. Healthy coding practices and smart vulnerability tool selection can help boost your product’s “immunity” and minimize the need for post-production maintenance.


Mobile Sunday: Viber Encryption Troubles Putting Millions at Risk

May 04, 2014 By Sharon Solomon | The Viber instant messaging app has become a household name, with over 200 million downloads worldwide. This cross-platform software is also compatible with desktops and provides unique functionality. But researchers at the University of New Haven have now exposed the lack of data encryption in the popular mobile app, a serious security problem. This is the second IM vulnerability exposed by the UNH experts this month, with the previous one being found in the WhatsApp messenger. The Facebook-owned service was found to give away user location in an unencrypted and open form. Viber is now feeling the heat. Hackers can easily perform man-in-the-middle attacks to harvest sensitive user data. It’s even possible to retrieve messages including photos, videos and location-related data from the Viber servers.


Chrome Eavesdropping Bug Exposed; Researcher Endorses SCA

May 01, 2014 By Sharon Solomon | Google Chrome has come a long way since its initial release back in 2008. Almost 60% of the users today prefer the Google-made browser. But even this fast and responsive browser has its vulnerabilities. Hackers can now eavesdrop on unsuspecting users and convert their voice to text without prior consent.


Checkmarx Heartbleed Vaccination Now Available

Apr 29, 2014 By Sharon Solomon | Checkmarx has now released an update that scans your application source code for the Heartbleed-vulnerable library code. The Heartbleed vulnerability had affected almost half a million secure web servers, certified by trusted authorities, by the time it was exposed. The bad news is that the problem still exists. More than 2% of the Alexa world top 1,000,000 websites are still susceptible to attack.


Mobile Sunday: GoogolPlex Hack Takes Siri To Risky Levels

Apr 27, 2014 By Sharon Solomon | Imagine unlocking your car by simply talking to your iPhone. Or would you rather chat with your washing machine or dish-washer while at work? All these actions can soon become possible thanks to an innovative Siri hack called GoogolPlex, which was developed and implemented by a group of American youngsters. GoogolPlex was recently demonstrated by a group of freshmen from the University of Pennsylvania – Ajay Patel, Alex Sands, Ben Hsu and Gagan Gupta. They managed to manipulate the Siri feature, which is preinstalled in all Apple devices running the latest iOS 7 software. While very convenient and functional, this unofficial hack can potentially enable cybercriminals to infiltrate people’s homes and cars to achieve harmful results. Apple has refused to comment on the revelations and no security patch has been released so far.


Top-Selling WiFi DSL Modems Routing Hackers Your Way

Apr 24, 2014 By Sharon Solomon | WiFi DSL routers have become a staple part of all professional computing setups. Unfortunately, wireless communication also introduces numerous vulnerabilities. A massive backdoor was found in popular NetGear, Linksys/Cisco and SerComm WiFi DSL modems back in December 2013. Security patches released by the companies have not solved the problem. More than 20 popular models sold worldwide have been found to possess the vulnerability. Once remotely in control of the router via a compromised port, the hacker can gain “root shell” access and send malicious commands to the device. Thousands of customers were expecting to mitigate the problem with the patch, but the desired result was not achieved. Owners of the vulnerable routers will have to adopt a proactive approach to safeguard their networks since the backdoor still exists.


Mind Your Fingers. Samsung Galaxy S5 Fingerprint Scanner Exploited

Apr 22, 2014 By Sharon Solomon | Fingerprint scanners are becoming the rage in the smartphone industry. Apple introduced its proprietary sensor in its flagship 5s device last year and Samsung has done it recently with its new Galaxy S5 model. But it’s not all good news. The Korean manufacturer’s latest security solution can be rendered useless with a simple home-made PCB mould.


Mobile Sunday: Sandroid Trojan; From Russia with Love

Apr 13, 2014 By Sharon Solomon | The smartphone revolution is enabling the harvesting of banking information and credit card numbers in new ways. There were almost 100,000 malicious modifications to mobile malware in 2013, with over 98% connected to the Android platform. Sandroid is the latest high-profile mobile Trojan, wreaking havoc amongst Middle East banking customers.


All You Wanted to Know About the Heartbleed Bug

Apr 10, 2014 By Sharon Solomon | The steep rise in e-commerce and online transactions has made application security a major priority. SSL and TLS protocols were the benchmarks of online safety until recently. Everything changed when Random Storm, a British security company, exposed the Heartbleed bug. This major vulnerability has simply dented the once reliable OpenSSL technology. Hundreds of websites have been at risk since the vulnerability was introduced back in 2011. The extent of damage is not yet known. Millions of passwords, usernames and credit card numbers could have been compromised due to this breach. All CISOs and security executives are busy re-configuring their networks and changing passwords for sensitive accounts. The panic is justified as more than two-thirds of the servers today completely rely on the OpenSSL protocol as their security backbone.
