Checkmarx Blog


Second Major iOS Security Flaw Found, No Update Yet

Feb 25, 2014 By Sarah Vonnegut | Apple is having quite a rough week. While the security world is still reeling from last week's vulnerability discovery and fix, researchers have identified yet another security flaw in Apple's iOS that attackers could exploit to remotely monitor a user.
With this newly discovered vulnerability, an attacker can log a user's keystrokes, including touch inputs and button presses, using a 'host' app. The exploit targets a flaw in iOS's multitasking capabilities to capture user inputs and send them to a remote server. The attacker could then use the data to recreate every action and character the user entered.

Crypto Flaws For All & The Week's Other Security News

Feb 23, 2014 By Sarah Vonnegut | SSL encryption was the name of the security game this week, with major vulnerabilities (now fixed) affecting both iOS and WhatsApp users, while Neiman Marcus released a new analysis of its recent breach, and apparently someone was NOT paying attention. Catch up on all of last week's stories before RSA USA takes over your life!

Kickstarter Website Compromised; InfoSec Executives On Alert

Feb 19, 2014 By Sharon Solomon | The hacks just keep on coming. Kickstarter, arguably the world's largest crowdfunding website, has joined the list of high-profile casualties. The site suffered a serious data breach that has probably led to the leakage of personal information and data, including encrypted passwords that can easily be cracked. Kickstarter had no idea that its database was compromised until it was alerted by law enforcement officials. The website's technical team then patched the security flaw and asked all users to replace their old passwords with secure ones. It was announced that no credit card data was compromised, but there is no guarantee that the hackers won't be able to harvest even this data. While still not officially announced, SQL injection was probably used in the intrusion.

Simplifying Password Security Through Sound: Google’s New Tech ‘Toy’

Feb 18, 2014 By Sarah Vonnegut | Passwords have taken on a bad name lately. In countless security breaches and incidents, they've been too easy to crack, too difficult to remember, and not encrypted enough, the right way, or at all. We each log in to so many different sites on a daily basis, and each one is supposed to have its own unique password, so that even people with photographic memories would have trouble remembering them all.

Forbes Hacked By SEA; WordPress Vulnerabilities Exploited

Feb 17, 2014 By Sharon Solomon | As the Syrian Civil War rages on, cybercrime activity emerging from the troubled state is reaching monstrous proportions. Syrian president Bashar al-Assad may be losing his hold on his people, but his loyal hacker team continues to wreak havoc worldwide and exploit numerous high-profile websites and social media accounts. Forbes is the latest victim of the infamous Arab hacking group. The American business magazine's website was recently vandalized, with the hackers posting hate text on the home page. This was achieved by gaining access to the website's WordPress admin panel.

Crowdfunding Kickstarter Gets Hacked & Other Security Stories This Week

Feb 16, 2014 By Sarah Vonnegut | This week, Kickstarter suffered its first major breach, with minor consequences; Target is back in the ring with new reports indicating missed warnings from analysts about its payment systems; the Syrian Electronic Army struck again, this time hitting Forbes; Internet Explorer suffered critical zero-day exploits; and more. Before the next week full of security scares rolls in, take a moment to catch up on the stories you may have missed last week.

Mobile Friday: Flappy Bird Still Maliciously Flapping

Feb 14, 2014 By Sharon Solomon | The simplistic and straightforward Flappy Bird defied all odds and became one of the most popular games of early 2014. The sudden discontinuation of the app has disappointed millions of fans. But where there is disappointment, there is cybercrime potential. The single-player game conquered mobile gamers' hearts with its simple "Super Mario" style of gameplay, which has always proved compelling. Despite earning over $50,000 a day in in-game advertising revenue, the game was discontinued.

Keeping Up With The Hackers: Where To Practice Your Web Hacking Skills

Feb 13, 2014 By Sarah Vonnegut | This guest post is by application security professional Dave Ferguson. Keep up with Dave’s posts on his blog!
There's a shortage of application security experts. Hackers seem to continually have the upper hand over those trying to defend applications against threats. One reason is that software has become so prevalent, and this trend will only continue (we'll need even more software if we're going to enable the Internet of Things). The bottom line is that we're writing code faster than we can secure it.

BYOD Data Security Becoming Top Priority

Feb 12, 2014 By Sharon Solomon | Today's booming technology and internet revolution has created a new problem for CISOs and InfoSec managers. Bring Your Own Device (BYOD) is the growing phenomenon of employees bringing personal smartphones (BYOP) and laptops/tablets (BYOPC) to work, causing a wide array of communication and security issues. Most IT companies have embraced the latest technological trend, believing that it ultimately improves worker productivity. But the security aspect is hugely neglected and can lead to major security breaches and compromise valuable data.

RSA USA Preview: ‘It’s A Jungle Out There: The Security State of the CMS Platform’

Feb 11, 2014 By Sarah Vonnegut | Checkmarx Founder & CTO Maty Siman will be leading a session at the conference this year on the security of the most popular content management systems and how to protect yourself against attacks:
It’s a Jungle Out There: The Security State of CMS Platforms
February 26th | 10:40 AM | Room 3012