Checkmarx Blog

ReDoS in Go

The Go programming language (also known as Golang) is an open source programming language created by Google. Go is compiled and statically typed, as in C (with garbage collection), with limited structural typing, memory safety features and CSP-style concurrent features. In this blog post, we will recap Go’s security posture facing Regular Expression Denial of


Eavesdropping with Amazon Alexa

If you’re using an Amazon Echo, your life is undoubtedly made easier. Instead of searching on your phone the “old fashioned” way, you can simply ask Alexa what the weather is like, to play your favorite song, or to dim the lights. For the Echo, similar to the Google Home with voice assistant, listening is


Decrypting JobCrypter

Ransomware has been a growing issue for some time now. It has evolved into a big business, moving millions of dollars yearly from victims’ pockets into those of attackers. The modus operandi of ransomware authors is to infect your machine through any vector (phishing, drive-by browser exploits, waterholing, etc.) and then proceed to encrypt your important files.


How Secure is Your Online Banking App?

Banking has gone digital. Nearly every major bank offers both an online portal as well as a mobile app, and people seem to prefer it that way. A recent PwC survey found that 46% of consumers only use online banking, a massive jump from their previous survey in 2012, in which only 27% used online


The History of JavaScript [INFOGRAPHIC]

JavaScript was created by Brendan Eich, a Netscape Communications Corporation programmer, in September 1995. It took Eich only 10 days to develop the scripting language, which was then known as Mocha.


Are You on Tinder? Someone May Be Watching You Swipe

The Checkmarx Security Research Team found disturbing vulnerabilities in a highly popular dating application used by people across the globe – Tinder. The report features how a malicious attacker can take advantage of these vulnerabilities to cause serious privacy breaches to an unsuspecting user.


The Top 5 Exfiltration Attacks on WebViews

This is part three of a three-part series. Click for part 1 and part 2. WebViews are a huge advantage when it comes to portability. But at what cost? By allowing Web content to interact with native functions, a window of attack possibilities is opened. Old versions of Android (until API 17) allowed Remote Code


The Year of GDPR

Way back in 2012, the European Commission laid down initial plans for the European Union’s data protection reform. It took the relevant parties four years to reach an agreement on what would be involved and how it will be enforced. And now, here we are! As close as ever to the May deadline in the

