Checkmarx Blog

iStock_000005754112Small

Top-Selling WiFi DSL Modems Routing Hackers Your Way

Apr 24, 2014 By Sharon Solomon | WiFi DSL routers have become a staple part of all professional computing setups. Unfortunately, wireless communication also introduces numerous vulnerabilities. A massive backdoor was found in popular NetGear, Linksys/Cisco and SerComm WiFi DSL modems back in December 2013. Security patches released by the companies have not solved the problem. More than 20 popular models sold worldwide have been found to possess the vulnerability. Once remotely in control of the router via a compromised port, the hacker can gain “root shell” access and send malicious commands to the device. Thousands of customers were expecting to mitigate the problem with the patch, but the desired result was not achieved. Owners of the vulnerable routers will have to adopt a pro-active approach to safeguard their networks since the backdoor still exists.
Read More »
iStock_000024004901Small-300x300

Web App Attacks: 7 Takeaways from the New Verizon DBIR

Apr 23, 2014 By Sarah Vonnegut | Hackers going after Web applications are getting smarter and faster by automating their malicious tools, and organizations are struggling to keep up. This was among the biggest revelations in Verizons’ 2014 Data Breach Investigations Report. The report analyzed over 63,000 security incidents over the past year, 1,367 of which resulted in a breach. It may come as a surprise to some that PoS intrusion attacks, the cause of the massive Target breach, and similar, subsequent incidents, was not the leading attack vector of the reports’ nine incident patterns. Alas, the award for the most exploited vulnerabilities went to Web applications, which hackers relentlessly went after this year – to the tune of 3,937 incidents and 490 confirmed breaches.
Read More »
HiRes1

Mind Your Fingers. Samsung Galaxy S5 Fingerprint Scanner Exploited

Apr 22, 2014 By Sharon Solomon | Fingerprint scanners are becoming the rage in the smartphone industry. Apple introduced its proprietary sensor in its flagship 5s device last year and Samsung has done it recently with its new Galaxy S5 model. But its not all good news. The Korean manufacturer’s latest security solution can be rendered useless with a simple home-made PCB mould.  
Read More »
5-Security-Stories-To-Read-Right-Now-300x300

5 Security Stories To Know Right Now

Apr 18, 2014 By Sarah Vonnegut | While the Heartbleed bug again dominated the news this week, a few other security stories deserve some love. Here are your top five of the week – get caught up for the weekend!
Michaels Credit Card Breach: 3 Million Customers At Risk
The arts and crafts chain Michaels Stores Inc. this week reported that they suffered two separate security breaches spanning eight months. The breach, which was first reported in January, exposed up to three million customers credit and debit card data. “The analysis conducted by the security firms and the Company shows that approximately 2.6 million cards may have been impacted, which represents about 7% of payment cards used at Michaels stores in the U.S. during the relevant time period,” the statement on their website says. That number is probably less than they were expecting, having come so close to the massive Target breach. In addition to the Michaels breach, customers of Aaron Brothers, owned by Michaels, was victim to a separate breach, in which around 400,000 customers are at risk.
Read More »
The-Honeypot-Sting-Hacking-the-Hackers-300x300

The Honeypot Sting: Hacking the Hackers

Apr 16, 2014 By Sarah Vonnegut | How can you tell who’s up to no good when it comes to your networks and computer systems? Simon Bell, a computer science student in his last year at the University of Sussex, has set out to help answer that question. He’s created an SSH (Secure Shell) honeypot written in C with the aim of researching the techniques of malicious attackers trying to infiltrate the network. Dubbed Secure Honey, Bell designed his honeypot as a final project, which he tracks and writes about on his site. Hacking the Hackers: Honeypots, for the uninitiated, are decoy systems or servers designed to track and log the activities of attackers trying to intrude your system (SANS has a great FAQ for further reading).  Instead of the attackers gaining data, the honeypot collects the actions and attempts at intrusion for further analysis. The would-be hackers get nothing – and will quickly move on to the next possibly vulnerable server after a few fruitless tries. “Something really drew me to the idea of luring hackers into a honeypot to watch how they operate and to discover what sort of techniques they may deploy to infiltrate a system,” he says. Anyone can keep up with what Secure Honey attackers are up to on Bell’s live stats page, where hacking attempts, the most commonly used passwords and more are tracked in real time.
Read More »
iStock_000022655471Small

Mobile Sunday: Sandroid Trojan; From Russia with Love

Apr 13, 2014 By Sharon Solomon | The smartphone revolution is enabling the harvesting of banking information and credit card numbers in new ways. There were almost 100,000 malicious modifications to mobile malware in 2013, with over 98% connected to the Android platform. Sandroid is the latest high-profile mobile Trojan, wreaking havoc amongst middle-east banking customers.  
Read More »
Heartbleed-4-300x300

Top 5 in Security: Your Weekly Update

Apr 11, 2014 By Sarah Vonnegut | The security industry took a massive hit this week with the Heartbleed bug, and while it took most of the focus, there’s some notable news that you may have missed. Here are your top 5 security stories of the week:
Read More »
iStock_000031271006XSmall

All You Wanted to Know About the Heartbleed Bug

Apr 10, 2014 By Sharon Solomon | The steep rise in E-commerce and online transactions has made application security a major priority. SSL and TLS protocols were the benchmarks of online safety until recently. Everything changed when Random Storm, a British security company, exposed the Heartbleed bug. This major vulnerability has simply dented the once reliable OpenSSL technology. Hundreds of websites have been at risk since the vulnerability was introduced back in 2011. The extent of damage is not yet known. Millions of passwords, usernames and credit card numbers could have been compromised due to this breach. All CISOs and Security executives are busy re-configuring their networks and changing passwords for sensitive accounts. The panic is justified as more than two-thirds of the servers today completely rely on the OpenSSL protocol as their security backbone.
Read More »
Full-Disclosure-300x300

So You Found A Security Bug – Now What?

Apr 09, 2014 By Sarah Vonnegut | Security vulnerabilities are discovered, reported and fixed every day.  But how can we more easily learn about them, and how can the white-hat hackers that find them keep their finds organized? “I prefer a world where I have all the information I need to assess and protect my own security,” Bruce Schneier wrote in an essay on Full Disclosure in 2007. It’s a need the industry is still working out.
Big issues are usually reported, a perfect example being the Heartbleed OpenSSL vulnerability, but the small flaws go unnoticed by most – and that’s a big problem. Security researcher and auditor Sergey Belov is trying to help mend the gap between securities bugs and the general public with his new site, BugsCollector.com.
Read More »
iStock_000018220191Small

No Kidding. 5-Year Old Hacks Dad’s Xbox

Apr 08, 2014 By Sharon Solomon | Hackers and fraudsters are reaching new levels of effectiveness in locating security glitches. Almost any device that can connect to the internet has been proven to be vulnerable. But this time it’s a 5-year old American kid who has exposed a glaring vulnerability in the popular Xbox Live online gaming platform.  
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.