Tag : BYOD


Pakistani Ethical Hacker Reveals How He Exposed Android Vulnerabilities

Oct 21, 2014 By Sharon Solomon | Hackers are often viewed as modern-day pirates. While that is mostly true due to the security hazards they create, ethical hackers are very helpful in improving security standards. Most of these security experts perform these actions simply for the benefit of the community. Rafay Baloch is one such ethical hacker. Baloch, also known as Pakistan’s “Top Ethical Hacking Prodigy”, has been in the headlines recently for exposing two vulnerabilities in Android’s stock (AOSP) browser. These security loopholes allow hackers to steal the mobile user’s session cookie, enabling them to perform a wide variety of malicious actions including identity theft. The Pakistani AppSec expert, currently an undergraduate student who spends his free time honing his research skills, was also kind enough to take Checkmarx’s questions and provide an in-depth view into how he revealed the aforementioned vulnerabilities in the world’s most popular mobile OS.


eBay Data Breach: A Big Wake-Up Call for e-Commerce Giants

May 27, 2014 By Sharon Solomon | eBay, the world’s largest and most used eCommerce platform, has suffered a major security breach. More than 100 million users have been affected in what has become this year’s biggest cybercrime so far. It’s still not clear how the intruders gained access to the eBay databases, but this is definitely the right time to bolster application security.
Identity/data theft has become a serious problem in recent years. The aforementioned eBay breach is still creating waves as millions of usernames, passwords, phone numbers and physical addresses have been stolen.
“Cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” eBay recently commented. “The company is aggressively investigating the matter.”


Mobile Sunday: Viber Encryption Troubles Putting Millions at Risk

May 04, 2014 By Sharon Solomon | The Viber instant messaging app has become a household name, with over 200 million downloads worldwide. This cross-platform software is also compatible with desktops and provides unique functionality. But researchers at the University of New Haven have now exposed the lack of data encryption in the popular mobile app, a serious security problem. This is the second IM vulnerability exposed by the UNH experts this month, with the previous one being found in the WhatsApp messenger. The Facebook-owned service was found to give away user location in an unencrypted and open form. Viber is now feeling the heat. Hackers can easily perform man-in-the-middle attacks to harvest sensitive user data. It’s even possible to retrieve messages including photos, videos and location-related data from the Viber servers.


Mobile Friday: Backdoor Exposed in Samsung Smartphones

Mar 14, 2014 By Sharon Solomon | Smartphones are getting smarter and the risks involved in using them are also getting bigger. More and more security issues are popping up in today’s mobile phones. The latest high-profile vulnerability has been exposed in a wide range of mainstream Samsung devices, sold in millions all around the world.
Replicant has published proof-of-concept software that can access files on numerous Samsung devices thanks to a backdoor in their proprietary software. The researchers have also shown how the vulnerability can be patched and fixed.


Coming Soon: Chameleon, A WiFi Virus That Spreads Like Flu

Mar 03, 2014 By Sharon Solomon | The diversity in malware and virus attributes is huge. New techniques are being invented all the time. Just a few months ago Hacking with Inaudible Sounds was demonstrated. Now there is Chameleon, a contagious virus that skips between Wireless Access Points. Researchers at the University of Liverpool in the UK conducted unique research into infecting Wireless Access Points. This revolutionary virus can potentially spread without the hacker’s intervention, just like the common cold spreads between humans.


Mobile Friday: iOS Apps Riskier Than Android Ones

Feb 28, 2014 By Sharon Solomon | The mobile app markets are booming. More and more developers are shifting their focus towards smartphone and tablet software. Despite the common belief that Apple has the safest mobile platform, in-depth research by Appthority has shown that iOS apps are more vulnerable than Android ones. Appthority is a leading application security analysis provider that recently compared the security levels in iOS and Android platforms. Security-related app behaviors, such as location tracking and data sharing, were researched and analyzed.


BYOD Data Security Becoming Top Priority

Feb 12, 2014 By Sharon Solomon | Today’s booming technology and internet revolution has caused a new problem for CISOs and InfoSec Managers. Bring Your Own Device (BYOD) is the growing phenomenon of employees bringing personal smartphones (BYOP) and laptops/tablets (BYOPC) to work, causing a wide array of communication and security issues. Most IT companies have embraced the latest technological trend, believing that this eventually improves worker productivity. But the security aspect is hugely neglected and can lead to major security breaches and compromise valuable data.


What’s HOT in Application Security Vol #4

Mar 11, 2012 By Administrator | Where is NASA’s security?
5,408 successful eruptions since 2009, 48 stolen laptops and mobile devices, 47 advanced persistent threats (APTs) and 13 that managed to jeopardize thousands of NASA’s computers causing serious damage and leaving NASA with an approximated $7 million bill. http://www.space.com/14750-stolen-nasa-laptop.html

