Checkmarx Blog

Mobile Friday: Ten Commandments of Android Safety

Mar 21, 2014 By Sharon Solomon | The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is ridden with vulnerabilities.
Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high. Besides this inherited problem, the open-source nature of the market-leading OS leaves it prone to cybercrime. Pirated ROMs and unauthorized apps that can be downloaded from underground markets put unsuspecting users in danger.

BYOD 2.0: Securing the Internet of Things in Your Organization

Mar 20, 2014 By Sarah Vonnegut | In the latest Internet of Things news this week, researchers from Cal Poly successfully designed an app for Google Glass that could take a picture every ten seconds with the display off, “uploading the images to a remote server without giving the wearer any sign that his or her vision is being practically live-streamed to a stranger,” Andy Greenberg writes. It’s scary enough to imagine that someone could be walking around, living their day-to-day lives as someone records their every action at a distance.

Bitcoin Crashing Due To Steep Rise in Cybercrime

Mar 19, 2014 By Sharon Solomon | The Bitcoin bandwagon has stalled. The value of the cryptocurrency skyrocketed in 2013, but a downward trend is being witnessed this year. Investors and traders wishing to see Bitcoins in the mainstream e-commerce scene will probably have to wait a little longer.
Besides the glaring lack of regulation and worrying price volatility, cybercriminal activity has put a huge dent in the digital currency’s credentials. The hacking techniques are not new, nor are the vulnerabilities found in the Bitcoin exchanges.
More and more Bitcoin exchanges are being exploited with the help of malware and common phishing techniques. Coinbase and Flexcoin are just two of many Bitcoin platforms that have fallen prey to hackers and fraudsters.

3 Key Benefits of Automating Your Source Code Review

Mar 18, 2014 By Sarah Vonnegut | Automation has taken the business world by storm. We automate everything, from marketing to manufacturing and everything in between, and it often pays off: greater ROIs, higher productivity, fewer overworked employees. In application security, the same can be true. As web applications have become the essence of business in almost every industry, the risks have increased. While we will always need code reviewers, pen testers and security teams for areas requiring human intelligence, for the business side or otherwise, automating your source code analysis is a step towards higher security. Let’s look at the top 3 reasons why you should be automating your code review process.

The Worrying Security State of CMS Platforms

Mar 17, 2014 By Sharon Solomon | The use of Content Management Systems (CMS) is on the rise. Over 20% of the top 10,000 websites today rely on CMS platforms, namely WordPress, Drupal and Joomla. But the quick setup and customizable functionality come at a price. Security issues are being exposed and exploited by cybercriminals.
Checkmarx’s Research Lab studied the vulnerabilities in WordPress plugins and the findings were not quite encouraging. 20% of the 50 most popular WordPress plugins used today were found to be vulnerable to web attacks.

The Week in Security: PWN2OWN, Double DDoSes, Malaysian Plane Crash Scams & Target’s Missed Alarms

Mar 16, 2014 By Sarah Vonnegut | This week in security was busy with a little bit of everything – breaches, hacking contests, cyber scams, hacktivism and more. Here’s the lowdown on all the biggest security stories of the week: 

Mobile Friday: Backdoor Exposed in Samsung Smartphones

Mar 14, 2014 By Sharon Solomon | Smartphones are getting smarter and the risks involved in using them are also getting bigger. More and more security issues are popping up in today’s mobile phones. The latest high-profile vulnerability has been exposed in a wide range of mainstream Samsung devices, sold in millions all around the world.
Replicant has published proof-of-concept software that can access files on numerous Samsung devices thanks to a backdoor in their proprietary software. The researchers have also shown how the vulnerability can be patched and fixed.

Gaping Security Flaw in WhatsApp on Android Let Other Apps Steal Your Messages

Mar 13, 2014 By Sarah Vonnegut | If you’re using WhatsApp on an Android – even after yesterday’s update – your chats are prone to being downloaded by others, a security consultant has discovered. Bas Bosschert, CTO and consultant at Double Think, along with his brother, discovered this exploit after wondering if it would be possible to upload and read someone’s WhatsApp chats from another app. With a proof of concept on his blog, he proved it was easily possible.

Cridex Banking Trojan Still Alive and Kicking

Mar 12, 2014 By Sharon Solomon | The Cridex Banking Trojan is wreaking havoc in Europe, especially in Germany. Hackers are implementing the traditional phishing methodology to trick victims into compromising their banking information. The Cridex malware has now officially overtaken the ZeuS Trojan and its clones thanks to the recent activity spike. Six different URL schemes are being used to cover up the spam campaigns. The malicious mails are masked with graphics and text from German commercial giants such as Telekom (almost half of the infected URLs), Volksbank, Vodafone and also NTTCable.

Keeping Up With The Hackers, Part 2: ‘It Takes a Hacker to Catch One’

Mar 11, 2014 By Sarah Vonnegut | In our original Keeping Up With The Hackers post, AppSec expert Dave Ferguson graced our blog with a fantastic post speaking on the tools he uses to stay up-to-date with his hacking skills. For this post, we spoke with Malik Mesellem, another security expert with over 15 years of experience and a love of securing web apps. 