Application Security Trends

Traditional security is well past its expiration date. Learn about the latest trends in AppSec in these posts, from DevOps to SAST and everything in between.

Crafty Hackers & Other AppSec Stories This Week

Jan 26, 2014 By Sarah Vonnegut | Breaches seem to be hitting every country across every industry these days. This week was no better. Not only did the biggest craft store in the U.S. disclose a breach affecting an unknown number of credit card users, but nearly 40% of South Koreans as well as 16 million Germans are dealing with the effects of major breaches in each of those countries. With the list of 2013’s worst and most overused passwords wrapping up the week’s news, let’s hope the rest of 2014 is a more secure year.


Worst Passwords of 2013

Jan 24, 2014 By Sharon Solomon | The results are out. SplashData, a leading password management application provider, has released its annual list of 25 most common passwords found on the net. The list was compiled with the help of data files consisting of millions of stolen passwords, published by leading hackers on the net.


ATMs Robbed With Malicious USB Drives

Jan 20, 2014 By Sharon Solomon | Lovers of the “Terminator” movie series surely remember how John Connor used his cool “binary code gadget” to hack into his local ATM. Technology has changed a lot since the early nineties, but hackers are still milking ATMs using malware-loaded USB drives. It’s estimated that millions of dollars have already been stolen in Europe alone. ATMs have always been an object of temptation for criminals and fraudsters. While it has become very difficult to physically vandalize and carry away these machines, tampering with their software is quite a simple task.


Cloned Minecraft for Android Doing the Rounds

Jan 17, 2014 By Sharon Solomon | The underground Android application market is booming. More and more pirated games are available for direct download on the net. One such game, a cloned Minecraft PE, is causing extensive damage all across the globe. Users of the Trojanized version are advised to uninstall the game immediately. The temptation is irresistible for any hardcore gamer: when costly games are available at a discount or even for free, downloading from the black market becomes a no-brainer for many. What is often forgotten is that mobile security is seriously compromised in the process. The aforementioned Trojanized version of Minecraft PE, which is still available in various Russian pirate app stores, is a huge security risk. Sold for 2.50 Euros, this cloned version infiltrates the system and exploits the victims’ cell phones.


DevOps & Security: Top 3 Myths Debunked

Jan 16, 2014 By Sarah Vonnegut | This post is based on our AppSec How-To Paper on Achieving Security in DevOps, which you can access here.
In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it’s a process that keeps getting more streamlined, faster and more efficient – and your deployments will be that much better if they’re also fully secured before release time comes.


Malware Alert: Flashback Trojan Still Alive And Kicking

Jan 16, 2014 By Sharon Solomon | Apple’s Mac OS is considered to be safer than other leading computing platforms. But this reputation was seriously dented back in 2011 when the Flashback Trojan was exposed. More than 500,000 Mac users were affected by the malware within months. The bad news is that Flashback is still active.


SMBs: ‘Too Small To Be A Target’ Thinking Won’t Cut It Anymore

Jan 14, 2014 By Sarah Vonnegut | With big name brands like Target and Neiman Marcus getting hit left and right these days, it would be easy to assume that hackers are mostly interested in hacking the big guys, especially with further breached retailers soon to be named. That simply is not the case. Small and medium sized businesses still offer plenty of advantages to hackers.


Cryptolocker – Nasty Ransomware Wreaking Havoc Worldwide

Jan 13, 2014 By Sharon Solomon | If you own a PC running Windows, you are vulnerable to Cryptolocker. This Trojan entered the spotlight in late 2013 and is not showing any signs of slowing down. It’s very important to understand and be aware of this fast-spreading ransomware, which has already earned its operators lots of money. The dreaded Trojan initially spread only via email: users were sent malicious emails with downloadable files or misleading links, and the infected computer’s data files were then encrypted until a ransom was paid for the decryption key. The news keeps getting worse. Cryptolocker is now also spreading via removable USB drives and pirated software activators. Windows users should refrain from using unknown USB drives and must install only official software.


This Week in AppSec News: January 6-12th, 2014

Jan 12, 2014 By Sarah Vonnegut | Between more big-name breaches, iOS mobile banking apps found insecure, Microsoft getting hacked by the SEA (again), and Yahoo’s HTTPS service being deemed ‘too little, too late’, the security industry hasn’t had the best beginning to 2014. Will the Personal Data Privacy and Security Act save the year? Senator Patrick Leahy thinks so. Here’s a look at the past week’s top AppSec stories:


Target Breach Update: Up to One-Third of US Adults Now At Risk

Jan 11, 2014 By Sarah Vonnegut | The Target breach is nowhere near over. During its forensic investigation, Target has now found that at least 70 million customers, far more than the original 40 million estimate, were affected. The new figure may be a separate cache from the original one, and this data includes a mix of mailing addresses, names, phone numbers and emails, so when all is said and done, personal info of up to 110 million customers, a third of American adults, could have been taken.
