Checkmarx Blog

Faux Google SSL Certificates Issued By Finance Ministry in France

Google spoke out this week after security engineers discovered fake SSL certificates linked to a French government agency earlier this month. On December 3rd, security engineers found that a government agency in France was using unauthorized digital certificates on various Google domains, including Gmail, which allowed the agency to act as man-in-the-middle of private domains

Read More »

Hacker’s Paradise – New Virus Transfers Stolen Data Using Inaudible Sounds

Air-Gap Jumping Communication. Networkless hacking. Sci-fi movie themes are now turning into reality. German researchers Michael Hanspach and Michael Goetz have created what can potentially become the driving force behind the next-gen malware. Security experts be warned – offline computing is not going to be safe for long. 

Read More »

Cache of 2 Million Account Details For Facebook, Google, Yahoo Users Discovered

Some two million accounts on several of the most widely visited social media networks, email providers and websites were just discovered on a server with a bogus IP in the Netherlands. Hackers stole login usernames and passwords for Facebook, LinkedIn, Google, Twitter and various other popular sites.

Read More »

Free Wi-Fi Hotspots – A Risky Luxury

The wireless revolution has turned internet access into a basic necessity. Social media networking and entertainment on-the-go are in high demand. In this reality, Wi-Fi hotspots are seen as blessings, even when the signal is coming from an unknown source. But this is a huge security risk that people rarely take into consideration.

Read More »

CISO’s: Pre-Planning Your Application Security Program

Application Security is never a ‘one-and-done’ deal. It is ongoing, ever-evolving, and its’ centrality in organizations ever-growing. As technology’s scope and complexity increases, the emphasis on application security needs to grow as well; No matter which stage you are in the maturity model, application security is a constant in your approach.

Read More »

Istana Website Hacked; Singapore Cybercrime On The Rise

The list of hacked websites just keeps getting longer. The Istana website, official cyber-domain of Singapore’s Presidential Office, is the latest high-profile casualty. The Singaporean police have arrested two suspects, who have been charged under the Computer Misuse and Cybersecurity Act, punishable by up to five years in prison.

Read More »

This Week In Application Security News: Nov. 25 – Dec. 1

Winner of the ‘Worst Week’ award goes to James Howells, who this week realized he threw away a hard drive with 7,500 Bitcoins worth over $7.5 million in current BTC value. Read about his million dollar fumble, the still-unfolding Vodafone breach, new NSA snooping and more in this week’s edition of The Week in AppSec.

Read More »

Jump to Category