Checkmarx Blog

blog-media-player-vuln

What You Need To Know: Security Vulnerabilities Found in Major Media Players

May 29, 2017 By Arden Rubens | Major security vulnerabilities have been found in several popular media players – including Kodi, PopcornTime, Streamio, and VLC – have been uncovered in new research released by Check Point. Around 200 million users could potentially be at risk.  
Read More »
blog-dbir-2017

Takeaways from the Verizon 2017 Data Breach Investigation Report

May 15, 2017 By Arden Rubens | The annual Verizon Data Breach Investigations Report (DBIR) was released earlier this month to much anticipation, hitting a big milestone with its tenth-anniversary edition. And once again, it’s proving to be one of the most referenced data breach reports in the cyberworld and a must-read for industry leaders and security professionals across the globe.     For this year’s DBIR, data was collected from nearly 2,000 confirmed breaches and 42,000 security incidents from 20 different industries, spanning across 84 countries. Verizon security experts analyzed the submitted data and put together an extensive look at today’s cyber-universe.  
Read More »
blog-wannacry-ransomware

WannaCry? Ransomware Is Everywhere

May 12, 2017 By Arden Rubens | A malicious software called ‘WanaCryptor’ hit the NHS this past Friday. The ransomware caused hospitals across England and Scotland to cancel operations, delay routine practices and divert ambulances, while patient records were made unavailable as infected computers were on lockdown until ransom was paid.   Other high profile targets included FedEx, Germany’s national railway, Telefónica along with many of Spain’s largest companies, and private and personal computers across the world. Once infecting the PC, the software locks up the data and the device, and holds it for ransom.
Read More »
blog-april-infographic

April 2017: Top Hacks and Breaches [INFOGRAPHIC]

May 08, 2017 By Arden Rubens | April showers bring… hacks and breaches? Our list of April cyber-events begins with Dallas residents getting quite the fright as a hacker triggered the city’s emergency sirens. In early April, users of Wonga, a payday loan firm, were alerted about a data breach. The breach is said to affect 245,000 accounts in the UK and an additional 25,000 accounts in Poland. The stolen information includes full names, email addresses, phone numbers, and the last four digits of credit cards.  
Read More »
blog-brexit

Brexit & Its Impact on Cybersecurity

Apr 27, 2017 By Arden Rubens | The United Kingdom leaving the European Union – aka Brexit (shorthand for British Exit) – is a decision which has generated much gossip and speculation within the cybersecurity community. In general, there is no doubt that the result of the Brexit referendum, held in June last year, will have an impact on many industries and sectors; and in today’s connected landscape, the effect will also be felt in the cyber-world. So what will Brexit mean in terms of cybersecurity?
Read More »
blog-software-dev-in-agile-era-1

Six Steps to Secure Software Development in the Agile Era

Apr 20, 2017 By Sarah Vonnegut | Written in 2001, the Agile Manifesto launched an evolution in software development that has unfolded over the past decade and a half. Moving from waterfall development to rapid development and into the Agile methodology, software companies around the world have adopted at least some of the Agile processes and practices. And for many organizations, the evolution has paid off – at least in some parts of the business.    
Read More »
blog-go

BSIMM in the Age of Agile

Apr 13, 2017 By Paul Curran | Since 2009, the Build Security in Maturity Model (BSIMM) has been helping organizations across a wide range of verticals build long-term plans for software security initiatives based on actual observed data from the field provided by nearly 100 participating firms.   In the most recent BSIMM report, released in late 2016, BSIMM co-author and inventor Gary McGraw highlights the challenge organizations face when it comes to correctly implementing security in agile development environments. For organizations adopting continuous integration/continuous deployment (CICD) and DevOps, security may be seen an inhibitor, but it doesn’t need to be. Read on to find out why.
Read More »
blog-go

How You can be Coding Securely in Go

Apr 06, 2017 By Paul Curran | For the third year in a row, Go has made the top 5 most loved programming languages and ranks number three in terms of “most wanted” programming language in Stack Overflow’s 2017 developer survey.   Additionally, Go developers are also among the top 5 highest paid according to tens of thousands of respondents of the same survey. Adding secure coding knowledge to the ability to develop in Go can lead to an even larger annual salary as security aware developers tend to earn more. Read on to learn about the secure coding resource that Checkmarx built to help developers across all verticals code securely in Go. 
Read More »
blog-march-infographic-1

March 2017: Top Hacks and Breaches [INFOGRAPHIC]

Apr 04, 2017 By Arden Rubens | The month of March in hacks and breaches began strong with discovery of a database containing 1.4B records left exposed by one of the biggest senders of spam. A few days after, WikiLeaks released details on secret CIA hacking tools used to break into computers, mobile devices, and smart TVs.  On the 13th of March, Statistic Canada was breached as hackers exploit a new software bug. Hackers managed to break into the national statistics’ bureau by exploiting a security bug in Apache Struts 2, a software most commonly used in governmental, financial, and retailer websites.
Read More »
7-ways-ciso

7 Ways to Win Over Your CISO

Mar 22, 2017 By Sarah Vonnegut | Security maturity, as cliche as it sounds, is a journey – not a destination. Security is never “done”; there is always more to be done, new technologies or processes to secure, evolving business objectives with which to align.   The great part about being on the security team is that you don’t have to be the CISO, or Chief Information Security Officer, to make some real changes. If you’re a dedicated security professional, you can absolutely help guide how security is implemented in your organization, as well as how security is perceived. Not only are these activities good for the company as a whole as well as the security team – your good work is often reflected back on you, personally – and can help you in your professional journey.  
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.