Checkmarx Blog

iStock_000019119199Small

Windows XP Dying Maliciously, Zero-Day Attacks Imminent

Mar 10, 2014 By Sharon Solomon | Microsoft has announced that all official Windows XP support will be terminated on April 8, 2014. But despite the fact that zero-day is just around the corner, millions of businesses and individuals are still using the legacy platform, making them extremely vulnerable to hacking and malware attacks. The Windows XP platform’s ecosystem is officially going to expire. Launched in 2001, Microsoft ended its mainstream support for the platform in April 2009. A 5-year support plan was then announced following the platform’s huge success.
Read More »
iStock_000035552198Small

Mobile Friday: WhatsApp Alternatives Not Really Safe

Mar 07, 2014 By Sharon Solomon | WhatsApp now belongs to Facebook and the acquisition has raised some serious concerns regarding the privacy of the app’s users. Facebook is not really commenting on the issue, causing more and more people to look at alternate solutions. Unfortunately, the alternatives are not really secure. Compatible with Android, iOS, Windows Mobile, Blackberry and even the outdated Symbian, WhatsApp has over 450 million active users. It’s estimated that more than a million people download the app and start using the chat client every day.
Read More »
puffchat-300x266

Pass on Puffchat, A Less Secure Snapchat

Mar 06, 2014 By Sarah Vonnegut | It’s telling enough when a private messenger is found to be leaking user information and the private messages it had promised to keep secure. But when a “secure” alternative to the private messenger has been found to be just as – if not more – risky, the jury is apparently still out on what a secure messaging app actually means.
And that’s where we are today, after the supposed ‘answer’ to hackable Snapchat, Puffchat, has also been found to be highly exploitable. The service, whose Twitter bio describes it as “the texting alternative to Snapchat – The evidence is gone forever,” contains several vulnerabilities, rendering it much less secure than it markets itself as and falsely representing itself.  
Read More »
Russia

Uroburos Spy Malware; From Russia With Love

Mar 05, 2014 By Sharon Solomon | The political tension in between Russia and the USA is mounting and the latest cyberweapon revelation is not going to help calm the relations. German security firm G-Data has exposed Uroburos, a sophisticated and complex rootkit that has been infiltrating US related targets for more than 3 years. Uroburos has also been analyzed and broken down by the aforementioned German research lab. The source code revealed comments written in Russian, which means that the Russian government is probably behind the espionage software.
Read More »
88437380-300x229

Loser Credentials: Stop The Insanity!

Mar 04, 2014 By Sarah Vonnegut | There’s a famous saying about how the definition of insanity is doing the same thing over and over and expecting different results. Nothing could be truer about the world’s relationship with passwords, and it’s a reality that should hit the security world even harder.
After all, as we recently learned, the Target hack affecting at least 110 million people began with a stolen username and password. Passwords have gotten lots of play in the news, especially in the security realm, but the bigger problem is in making passwords obsolete for hackers – especially for organizations with valuable data in store. A deeper level of authentication is now essential for a secure business.
Read More »
iStock_000007079321Small

Coming Soon: Chameleon, A WiFi Virus That Spreads Like Flu

Mar 03, 2014 By Sharon Solomon | The diversity in malware and virus attributes is huge. New techniques are being invented all the time. Just a few months ago Hacking with Inaudible Sounds was demonstrated. Now there is Chameleon, a contagious virus that skips in between Wireless Access Points. Researchers at the University of Liverpool in the UK conducted a unique research trying to infect Wireless Access Points. This revolutionary virus can potentially spread without the hacker’s intervention just like the common cold spreads between humans.
Read More »
yahoo-logo-300x70

Your Weekly Security Wrap-Up: Yahoo, Sears, YouTube & More

Mar 02, 2014 By Sarah Vonnegut | Yahoo’s in the news again with a new vulnerability (now fixed) and a starring role, unknown to them, in the Brit’s surveillance methods. With Sears possibly facing another breach and a cache of 360 million user credentials found for sale on the black market, there’s a lot to know about so take a few minutes and catch up on all you may have missed!
Read More »
iPhone

Mobile Friday: iOS Apps Riskier Than Android Ones

Feb 28, 2014 By Sharon Solomon | The mobile app markets are booming. More and more developers are shifting their focus towards smartphone and tablet software. Despite the common belief that Apple has the safest mobile platform, an in-depth research by Appthority has shown that iOS apps are more vulnerable than Android ones. Appthority is a leading application security analysis provider that recently compared the security levels in iOS and Android platforms. Security related app behaviors, such as location tracking and data sharing, were researched and analyzed.
Read More »
iStock_000017130427Small

Simple Ways to Boost E-commerce Website Security

Feb 26, 2014 By Sharon Solomon | The security standards of today’s E-commerce websites are surprisingly low considering the amount of business they conduct. With more and more consumers doing their shopping online, hackings have reached epidemic proportions. InfoSec officials face a tough task, but cybercrime can be countered. Besides educating consumers to practice safe browsing habits and avoid unknown WiFi networks, there are a few steps that must be taken by all CISO’s and InfoSec executives. The biggest problem today is the lack of secure software and plugins in websites.
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.