Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

The Worrying Security State of CMS Platforms

Mar 17, 2014 By Sharon Solomon | The use of Content Management Systems (CMS) is on the rise. Over 20% of the top 10,000 websites today rely on CMS platforms, namely WordPress, Drupal and Joomla. But the quick setup and customizable functionality come at a price. Security issues are being exposed and exploited by cybercriminals.
Checkmarx’s Research Lab studied the vulnerabilities in WordPress plugins, and the findings were not encouraging: 20% of the 50 most popular WordPress plugins in use today were found to be vulnerable to web attacks.

Mobile Friday: Backdoor Exposed in Samsung Smartphones

Mar 14, 2014 By Sharon Solomon | Smartphones are getting smarter, and the risks involved in using them are also getting bigger. More and more security issues are popping up in today’s mobile phones. The latest high-profile vulnerability has been exposed in a wide range of mainstream Samsung devices, sold in the millions around the world.
Replicant has published proof-of-concept software that can access files on numerous Samsung devices thanks to a backdoor in their proprietary software. The researchers have also shown how the vulnerability can be patched and fixed.

Cridex Banking Trojan Still Alive and Kicking

Mar 12, 2014 By Sharon Solomon | The Cridex Banking Trojan is wreaking havoc in Europe, especially in Germany. Attackers are using traditional phishing to trick victims into giving up their banking information. Thanks to the recent spike in activity, the Cridex malware has now officially overtaken the ZeuS Trojan and its clones. Six different URL schemes are being used to cover up the spam campaigns. The malicious mails are masked with graphics and text from German commercial giants such as Telekom (almost half of the infected URLs), Volksbank, Vodafone and NTTCable.

Windows XP Dying Maliciously, Zero-Day Attacks Imminent

Mar 10, 2014 By Sharon Solomon | Microsoft has announced that all official Windows XP support will be terminated on April 8, 2014. But despite the fact that the cut-off date is just around the corner, millions of businesses and individuals are still using the legacy platform, making them extremely vulnerable to hacking and malware attacks. The Windows XP platform’s ecosystem is officially going to expire. Launched in 2001, the platform lost Microsoft’s mainstream support in April 2009. A 5-year extended support plan was then announced following the platform’s huge success.

Pass on Puffchat, A Less Secure Snapchat

Mar 06, 2014 By Sarah Vonnegut | It’s telling enough when a private messenger is found to be leaking user information and the private messages it had promised to keep secure. But when a “secure” alternative to that messenger turns out to be just as risky, if not more so, the jury is apparently still out on what a secure messaging app actually means.
And that’s where we are today, after the supposed ‘answer’ to hackable Snapchat, Puffchat, has also been found to be highly exploitable. The service, whose Twitter bio describes it as “the texting alternative to Snapchat – The evidence is gone forever,” contains several vulnerabilities that make it far less secure than its marketing claims.

Uroburos Spy Malware; From Russia With Love

Mar 05, 2014 By Sharon Solomon | The political tension between Russia and the USA is mounting, and the latest cyberweapon revelation is not going to help calm relations. German security firm G-Data has exposed Uroburos, a sophisticated and complex rootkit that has been infiltrating US-related targets for more than 3 years. Uroburos has also been analyzed and broken down by the same German research lab. The source code revealed comments written in Russian, which points to the Russian government as the probable author of the espionage software.

Your Weekly Security Wrap-Up: Yahoo, Sears, YouTube & More

Mar 02, 2014 By Sarah Vonnegut | Yahoo’s in the news again with a new vulnerability (now fixed) and a starring role, unknown to them, in the Brits’ surveillance methods. With Sears possibly facing another breach and a cache of 360 million user credentials found for sale on the black market, there’s a lot to know about, so take a few minutes and catch up on all you may have missed!

Crypto Flaws For All & The Week’s Other Security News

Feb 23, 2014 By Sarah Vonnegut | SSL encryption was the name of the security game this week, with major vulnerabilities (now fixed) affecting both iOS and WhatsApp users, and Neiman Marcus released a new analysis of its recent breach; apparently someone was NOT paying attention. Catch up on all of last week’s stories before RSA USA takes over your life!

Kickstarter Website Compromised; InfoSec Executives On Alert

Feb 19, 2014 By Sharon Solomon | The hacks just keep on coming. Kickstarter, arguably the world’s largest crowdfunding website, has joined the list of high-profile casualties. The site suffered a serious data breach that has probably led to the leakage of personal information and data, including encrypted passwords that can easily be cracked. Kickstarter had no idea that its database was compromised until it was alerted by law enforcement officials. The website’s technical team then patched the security hole and asked all users to replace their old passwords with secure ones. It was announced that no credit card data was compromised, but there is no guarantee that the hackers won’t be able to harvest even this data. While still not announced officially, SQL injection was probably used in the intrusion.