Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

Checkmarx Blog

Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed

There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer market, buyers often jump at the opportunity to purchase it and put it into action. Unfortunately, every new internet-connected gadget opens users up

Read More ›

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes many things in many ways, and whose usage world-wide has grown significantly after its adoption by the Apache Foundation. Figure 1 – Dubbo

Read More ›

Checkmarx Research: SoundCloud API Security Advisory

Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection of music from the most diverse creator community on earth.” This investigation was part of a broader research conducted by Checkmarx, in

Read More ›

Checkmarx Research: A Race Condition in Kubernetes

Last year, the Checkmarx Security Research Team decided to investigate Kubernetes due to the growing usage of it worldwide. For those who are not too familiar with this technology, you can find more information at the official site here. Kubernetes is an open-source framework written in the Go language, originally designed and developed by Google

Read More ›

Correlating and Remediating Security Risks at Scale is Vital to DevOps

The recent industry shift towards DevOps makes it clear that organizations are adopting this development and operational model to facilitate the practice of automating software delivery and deployment. As a result, organizations are acknowledging that their traditional approaches to software security are having a difficult time adapting to this new model, since security if often

Read More ›

Jump to Category