Checkmarx Blog

iStock_000016399323XSmall

Cloned Minecraft for Android Doing the Rounds

Jan 17, 2014 By Sharon Solomon | The underground Android application market is booming. More and more pirated games are available for direct download on the net. One such game, the cloned Minecraft PE, is causing extensive damage all across the globe. Users of the Trojanized version are advised to uninstall the game immediately. The temptation is irresistible for any hardcore gamer. When costly games are available at a discount or even for free, downloading via the black-market becomes a no-brainer for many. But what is often forgotten is that mobile security is seriously compromised. The aforementioned Trojanized version of Minecraft PE, which is still available in various Russian pirate app stores, is a huge security risk. Available for 2.50 Euros, this cloned version infiltrates the system and exploits the victims’ cell phones.
Read More »
iStock_000015841805Small-200x300

DevOps & Security: Top 3 Myths Debunked

Jan 16, 2014 By Sarah Vonnegut | This post is based on our AppSec How-To Paper on Achieving Security in DevOps, which you can access here.
In DevOps, when you’re deploying hundreds, possibly thousands, of features and bug fixes a week, security cannot afford to be an afterthought. The beautiful thing about DevOps is that it’s a process that continues to get more streamlined, faster and more efficient – and your deployments will be that much better if they’re also fully secure before release time comes.
Read More »
iStock_000019605693XSmall1

Malware Alert: Flashback Trojan Still Alive And Kicking

Jan 16, 2014 By Sharon Solomon | Apple’s Mac OS is considered to be safer than other leading computing platforms. But this reputation was serious dented back in 2011 when the Flashback Trojan was exposed. More than 500,000 Mac users were affected by the malware within months. The bad news is that the Flashback is still active.
Read More »
iStock_000006062959Small-200x300

SMBs: ‘Too Small To Be A Target’ Thinking Won’t Cut It Anymore

Jan 14, 2014 By Sarah Vonnegut | With big name brands like Target and Neiman Marcus getting hit left and right these days, it would be easy to make the assumption that hackers are mostly interested in hacking the big guys, especially with further breached retailers soon to be named. It simply is not the case. Small and medium sized businesses still pose plenty of advantages to hackers.
Read More »
iStock_000019354781XSmall

Cryptolocker – Nasty Ransomware Wrecking Havoc Worldwide

Jan 13, 2014 By Sharon Solomon | If you own a PC running Windows, you are vulnerable to Cryptolocker. This Trojan entered the spotlight in late 2013 and is not showing any signs of slowing down. It’s very important to understand and be aware of this fast-spreading ransomware, which has already earned its operators lots of money. The dreaded Trojan initially spread only via emails. Users were sent malicious emails with downloadable files or misleading links. The exploited computer’s data files were then locked until a ransom was paid for the decryption. The news keeps getting worse. Cryptolocker is now capable of contaminating computers with removable USB drives and pirate software activators. Windows users should refrain from using unknown USB drives and must install only official software.
Read More »
iStock_000019829938Small-300x199

This Week in AppSec News: January 6-12th, 2014

Jan 12, 2014 By Sarah Vonnegut | Between more big-name breaches, iOS mobile banking apps found insecure, Microsoft getting hacked by the SEA (again), and Yahoo’s HTTPS service being deemed ‘too little, too late’, the security industry hasn’t had the best beginning to 2014. Will the Personal Data Privacy and Security Act save the year? Senator Patrick Leahy thinks so. Here’s a look at the past week’s top AppSec stories:
Read More »
A-Black-Friday-Breach-Nightmare-2-300x300

Target Breach Update: Up to One-Third of US Adults Now At Risk

Jan 11, 2014 By Sarah Vonnegut | The Target breach is nowhere near over. During their forensic investigation, Target has now found that at least 70 million customers, much higher than the original 40 million estimate, were affected. The new estimate may be a separate cache from the original number, and this data including a mix of mailing addresses, names, numbers and emails, so when all is said and done, personal info of up to 110 million customers, a third of American adults, could have been taken.
Read More »
iStock_000010705183XSmall

Top 5 Symptoms Of Hacked Computers

Jan 08, 2014 By Sharon Solomon | Cybercrime has reached epidemic proportions. More and more computers are being exploited with intrusive malware and sophisticated hacking techniques. It’s very crucial to detect intrusions to minimize data loss and avoid privacy theft. 
Read More »
TALK-5-300x300

6 Stories To Know This Week: Weekly AppSec Digest

Jan 07, 2014 By Sarah Vonnegut | This past week in AppSec we’ve seen more of the same with some new twists: Snapchat, perhaps unsurprisingly, got hacked after neglecting vital vulnerabilities, Cryptolocker has spawned a new demon, the Syrian Electronic Army went after Skype and the NSA is (also unsurprisingly) trying to build a quantum computer that could decrypt anything.
Take a few minutes to catch up on all you may have missed with those New Years hangovers!
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.