Checkmarx Blog


NSA Uses Angry Birds, Google Maps, & Other ‘Leaky’ Apps To Spy

Jan 28, 2014 By Sarah Vonnegut | We’re already well-informed of just how far-reaching the NSA’s data-tapping techniques are, but newly published leaks have taught us more methods to the NSA-madness. According to new documents furnished by Edward Snowden, the NSA and its British counterpart GCHQ have been tapping into commercial data troves collected by popular smartphone apps like Angry Birds and Google Maps as well as their third-party advertisers. The information ranges from your gender to where you’re located to where you’re planning on going – and more.

Botnet Alert: Your Refrigerator May Be Infected

Jan 27, 2014 By Sharon Solomon | The “smart” home appliances we all are letting into our lives are getting “smarter”. This isn’t a movie plot, nor is it a scientific experiment. Security provider Proofpoint estimates that over 750,000 phishing and spam emails have already been sent out by infected fridges, televisions and other appliances.

Crafty Hackers & Other AppSec Stories This Week

Jan 26, 2014 By Sarah Vonnegut | Breaches seem to be hitting every country across every industry these days. This week was no better. Not only did the biggest craft store in the U.S. disclose a breach affecting an unknown number of credit card users, but nearly 40% of South Koreans as well as 16 million Germans are dealing with the effects of major breaches in each of those countries. With the list of 2013’s worst and most overused passwords wrapping up the week’s news, let’s hope the rest of 2014 is a more secure year.

Worst Passwords of 2013

Jan 24, 2014 By Sharon Solomon | The results are out. SplashData, a leading password management application provider, has released its annual list of 25 most common passwords found on the net. The list was compiled with the help of data files consisting of millions of stolen passwords, published by leading hackers on the net.

Google Turns Deaf Ear to Speech Recognition Exploit in Chrome

Jan 23, 2014 By Sarah Vonnegut | Each new technology seems to emerge together with exploitable baggage. Speech recognition, for example, is being used in rising technologies from Siri to smart homes and is evolving quickly. While speech recognition has the potential to make life much easier and quicker, like any technology it comes with flaws. In this case, it is a Chrome browser exploit involving Google’s speech recognition technology that was discovered and reported to Google and has yet to be fixed.

Preparing the Cyber-Cops of Tomorrow: Interview with Giovanni Vigna

Jan 22, 2014 By Sarah Vonnegut | Each year, hundreds of hackers gather in computer labs around the world. Their goal? Like any other hackers, their goal is to manually exploit application and network level flaws in servers across the globe. If it sounds malicious, it’s just because it mimics real world vulnerability exploitations that happen every day. In fact, this specific activity is meant to be educational – and the hackers in question are actually students hacking from their universities.
This year, 123 teams from around the world simultaneously connected to UCSB’s servers from their respective countries for the iCTF ‘Capture the Flag’ competition. The theme was “Nuclear Cyberwar,” and each team was to patch and keep their own nuclear enrichment plant secure before trying to hack other teams’ systems by seeking out and exploiting system flaws.
The competition grew organically out of Vigna’s advanced computer security classes as well as his own experience with CTFs; in fact, his team, Shellphish, won the 2005 DefCon Capture the Flag. As a professor, Vigna would hold a vulnerability analysis contest at semesters’ end, where half the class would act as attackers and the other half as defenders. It soon turned into a hacking contest and then became so popular that other professors took notice. The rest is hacking history. The competition has grown from 12 students in the U.S. to 1,300 participants from 40 different countries this year.

Starbucks iOS App Vulnerability Exposed

Jan 22, 2014 By Sharon Solomon | App security has become a sensitive topic as more and more private information is being shared by users. Even minor vulnerabilities can be exploited and used to harvest sensitive data for criminal or commercial purposes. The latest high-profile loophole was exposed in the Starbucks iOS app. The vulnerability was found by Daniel E. Wood, a security expert who researches and shares information on the net. His blog post explained the problem with the Starbucks iOS app, which saved user data elements in an insecure way. Thousands of Starbucks customers who use the app to send eGifts or make payments were taken aback by the revelations. The global coffee giant didn’t waste any time and delivered a safer version of the app within days.

ATMs Robbed With Malicious USB Drives

Jan 20, 2014 By Sharon Solomon | Lovers of the “Terminator” movie series surely remember how John Connor used his cool “binary code gadget” to hack into his local ATM machine. Technology has changed a lot since the early nineties, but hackers are still milking ATMs using malware-loaded USB drives. It’s estimated that millions of dollars have already been stolen in Europe alone. ATMs have always been an object of temptation for criminals and fraudsters. While it has become very difficult to physically vandalize and carry away these machines, tampering with their parameters is quite a simple task.

The Hacking of the Fridge & Other AppSec Stories This Week

Jan 19, 2014 By Sarah Vonnegut | This week saw some interesting developments in the AppSec department. For starters, in what’s already been widely reported to be the year of the ‘Internet of Things’, the first botnet that included internet-connected refrigerators and TVs was discovered. We also found out that the malware stealing data off of Target’s POS systems was designed by a ‘nearly 17-year-old’ in Russia – and it isn’t especially complicated. Here’s a deeper look at the top stories of the week: