air gapair gappingair-gapped systemsdata exfiltrationnear field communicationNFCNFC radioNFC rangeNFCdrip NFCdrip: Data Exfiltration Research in Near Field Communication Dec 14, 2018 by Pedro Umbelino Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless payment systems use NFC devices, including smartphones, and are similar to those used in credit cards and electronic ticket smartcards. Social networking and Read More › air gapair gappingair-gapped systemsdata exfiltrationnear field communicationNFCNFC radioNFC rangeNFCdrip
AndroidAndroid InApp BillingAPIapplication program interfaceFruit NinjaGoogleInApp billingJSONpurchase verification Get Freebies by Abusing the Android InApp Billing API Dec 11, 2018 by Guillaume Lopes Security researchers started talking about vulnerabilities in the Android InApp Billing API years ago, but we found it worthwhile to take another look to see how it has improved (or not) and verify the best way to build security into the application. The Android InApp Billing API is a powerful part of the Android framework that allows Read More › AndroidAndroid InApp BillingAPIapplication program interfaceFruit NinjaGoogleInApp billingJSONpurchase verification
Don’t Get Phished – 7 Tips to Avoid This Common Cyber Attack Dec 6, 2018 by Guy Cohen Phishing is the most common type of cyber-attack that impacts organizations both large and small. These attacks may take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Unfortunately, some of the more common ways we might Read More ›
Application Securityartificial intelligencecloudDevOpsDevSecOpsIoTmicroservicesmobilesoftware exposuresoftware security AppSec Is Dead, but Software Security Is Alive & Well Dec 4, 2018 by Matthew Rose Everyone agrees that an enterprise’s application ecosystem must be protected, especially when data breaches are reported with alarming frequency and the average total cost of a breach comes in at $3.62 million. However, defeating increasingly severe threats requires a holistic approach to security, one that places an emphasis on managing not only application vulnerabilities but all Read More › Application Securityartificial intelligencecloudDevOpsDevSecOpsIoTmicroservicesmobilesoftware exposuresoftware security
AndroidBLEAHdata exfiltrationInternet Of ThingsIoTmobile applicationSmart BulbsSniffingUbertoothWiresharkZengge Smart Bulb Offers Light, Color, Music, and… Data Exfiltration? Nov 21, 2018 by David Sopas Smart bulbs are widely known as a successful offering in home automation and IoT products, as they are internet-capable light bulbs that allow home users to customize the colors, schedule on and off times, and control them remotely. Some even play music and could improve your sleep. Any device that can wireless connect with phone Read More › AndroidBLEAHdata exfiltrationInternet Of ThingsIoTmobile applicationSmart BulbsSniffingUbertoothWiresharkZengge
AndroidCSRFCSSDenial of Serviceexposed databaseGarminGo 520GPS devicenavigation appsremediationsecurity researchsoftware exposureTomTomunencrypted HTTTPvulnerabilities Navigation Apps: Leading the Way? Or Following You? Nov 15, 2018 by David Sopas In the United States alone, 84% of adults are using navigation applications, according to a recent Gallup poll. Whether they’re downloading it in an app store or the navigation capability is already built into the car, these navigation tools are taking us to the grocery store, to our grandparents’ house, to job interviews, and everywhere Read More › AndroidCSRFCSSDenial of Serviceexposed databaseGarminGo 520GPS devicenavigation appsremediationsecurity researchsoftware exposureTomTomunencrypted HTTTPvulnerabilities
Check Point Software TechnologiesCyber Security workshopcybersecurityGlilot Capital Partnersstronger togetherThe Israel National Cyber Directorate Cyber Security Workshop: Stronger Together Nov 13, 2018 by Shahar Alon Last week at Checkmarx we hosted an official delegation from Thüringen, Germany for a Cyber Security workshop organized by Checkmarx, AHK Israel, and LEG Thüringen, the State Development Corporation, under the theme “Stronger Together.” The workshop was designed to serve as a knowledge exchange platform between all participating parties from Israel and Germany, at all Read More › Check Point Software TechnologiesCyber Security workshopcybersecurityGlilot Capital Partnersstronger togetherThe Israel National Cyber Directorate
application security toolsApplication security trainingappsec educationAppSec education programappsec-aware culturedeveloper trainingSecure Development Training Program How Can You Get More from Your AppSec Education Program? Nov 9, 2018 by Kurt Risley Forbes recently published an article titled “The Cybersecurity Talent Gap Is An Industry Crisis” – and without question, there’s a real lack of cybersecurity talent. Cybersecurity Ventures predicts about 3.5 million unfilled cybersecurity job openings by 2021! The need for cybersec talent is undeniable. According to Gemalto, data breaches compromised 4.5 billion records in just Read More › application security toolsApplication security trainingappsec educationAppSec education programappsec-aware culturedeveloper trainingSecure Development Training Program
application security toolsBest practicesDeveloper EducationDevOpskey threatsopen source security testingsoftware securitysoftware security program Managing Software Security: 10 Essential Best Practices [Infographic] Nov 7, 2018 by Haidee LeClair Is your software security program up to the challenges of a rapidly accelerating software delivery environment? Most aren’t – and it’s challenging to both identify the problems and determine the best ways to manage software security in a DevOps environment. Learn some of the essential best practices for managing software security now. Educate Your Team Read More › application security toolsBest practicesDeveloper EducationDevOpskey threatsopen source security testingsoftware securitysoftware security program
binary patchingcode tamperingCycriptdynamic memory modificationExtraneous FunctionalityFridaInsecure CommunicationInsecure Direct Object Referenceslocal resource modificationmethod hookingmethod swizzlingMobile bankingOWASP Mobile Security Testing GuideReverse Engineering iOS AppsSwift (More) Common Security Mistakes when Developing Swift Apps – Part II Nov 2, 2018 by Paulo Silva In my post last week I shared common security mistakes developers make when building Swift applications – covering insecure data storage, symmetric key algorithms, insecure communication and more. If you haven’t read it, please take a few minutes to review this information. It’s critical to understand these mistakes as well as the ones I’m sharing Read More › binary patchingcode tamperingCycriptdynamic memory modificationExtraneous FunctionalityFridaInsecure CommunicationInsecure Direct Object Referenceslocal resource modificationmethod hookingmethod swizzlingMobile bankingOWASP Mobile Security Testing GuideReverse Engineering iOS AppsSwift