Tag : Hacking


The Sochi Hacking Scare Take Down & The Rest of The Week’s Best

Feb 09, 2014 By Sarah Vonnegut | This week, NBC got called out for a slightly exaggerated report of hacking in Sochi (hint: they weren’t even in Sochi); SnapChat got hit with another vulnerability report; Target was hacked via their A/C and heat guys; and more. Here’s a short n’ sweet version of the week’s news you may have missed.


Facebook Almost Hacked By The SEA: “Happy Birthday, Mark!”

Feb 06, 2014 By Sarah Vonnegut | The notorious hacker group Syrian Electronic Army (SEA) is stirring up trouble again, this time with Facebook. Overnight, the group claimed to pwn the Facebook.com domain, posting a screenshot of the WHOIS info on its Twitter. ‘Happy Birthday Mark,’ the tweet taunted, referring to Facebook’s recent 10th birthday. The registrant data indeed reflected that the email address had been changed to a Syrian Gmail account. 


Preparing the Cyber-Cops of Tomorrow: Interview with Giovanni Vigna

Jan 22, 2014 By Sarah Vonnegut | Each year, hundreds of hackers gather in computer labs around the world. Their goal? Like any other hackers, their goal is to manually exploit application and network level flaws in servers across the globe. If it sounds malicious, it’s just because it mimics real world vulnerability exploitations that happen every day. In fact, this specific activity is meant to be educational – and the hackers in question are actually students hacking from their universities.
This year, 123 teams from around the world simultaneously connected to UCSB’s servers from their respective countries for the iCTF ‘Capture the Flag’ competition. The theme was “Nuclear Cyberwar,” and each team was to patch and keep their own nuclear enrichment plant secure before trying to hack other teams’ systems by seeking out and exploiting system flaws.
The competition grew organically out of Vigna’s advanced computer security classes as well as his own experience with CTFs; in fact, his team, Shellphish, won the 2005 DefCon Capture the Flag. As a professor, Vigna would hold a vulnerability analysis contest at semester’s end, where half the class would act as attackers and the other half as defenders. It soon turned into a hacking contest and then became so popular that other professors took notice. The rest is hacking history. The competition has grown from 12 students in the U.S. to 1,300 participants from 40 different countries this year.


SMBs: ‘Too Small To Be A Target’ Thinking Won’t Cut It Anymore

Jan 14, 2014 By Sarah Vonnegut | With big name brands like Target and Neiman Marcus getting hit left and right these days, it would be easy to make the assumption that hackers are mostly interested in hacking the big guys, especially with further breached retailers soon to be named. That simply is not the case. Small and medium-sized businesses still offer plenty of advantages to hackers.


Virtual Reality, Meet Hard Reality: The World of Warcraft Crackdown & What It Could Mean For Cybercrime in China

Dec 31, 2013 By Sarah Vonnegut | Last week in the Zhejiang province of China, 10 men were sentenced to prison terms of up to two years for accessing over 11,500 World of Warcraft accounts. The men didn’t hack into the accounts, but instead bought the login details for the accounts on the black market, then sold each player’s gear and accumulated gold to other gamers within the game.


The Grinch Who Stole Christmas – And 30 Million Dogecoins

Dec 26, 2013 By Sarah Vonnegut | Hundreds of owners of the cryptocurrency Dogecoin awoke on Christmas to a not-so-cheery discovery: their digital wallets had been cleared out. Someone has stolen at least 30 million Dogecoin from Dogewallet.com, one of the largest sites being used to hold Dogecoins. The discovery came after Dogecoin forum users began posting complaints that their funds were disappearing without their authorization. The attack apparently targeted the site itself, with the hacker modifying the site’s receiving page to ensure transactions went straight to the thief’s account. The site has since been shut down and the site’s owners are now investigating the digital robbery.


Black Friday Breach Nightmare: At Least 45 Million Target Customers Affected

Dec 19, 2013 By Sarah Vonnegut | Target’s famous bullseye logo attracted some malicious arrows over the holiday shopping season as the national retail chain was the target of a major data breach that may be much more serious than first thought as details emerge.
The data breach will potentially affect hundreds of thousands, perhaps millions, of Target customers who shopped in-store at any of the American retail giant’s 1,800+ locations in the U.S. and Canada between Black Friday and December 15th. Brian Krebs, who first reported on the story on his blog, spoke with several sources that corroborated the same story: Target is currently working with the Secret Service to determine the perpetrators, cause, and outcome of an incident in which the data stored on customers’ magnetic card stripes was stolen.


Balloon Pop 2 Taken Off Android Play Store – WhatsApp Snooping Exposed

Dec 13, 2013 By Sharon Solomon | Mobile malware has come a long way in recent years. The latest exploit was exposed this week when the popular “Balloon Pop 2”, played and enjoyed by thousands of Android users, was found to contain malicious code that enabled eavesdropping on WhatsApp conversations. Google has taken the game off its Play Store app market.


UCSB Hosts International Hacking Contest – Students Lock Horns

Dec 09, 2013 By Sharon Solomon | UCSB hosted yet another mega-contest featuring the best hacking minds in the world. Pizza, coffee and laptops were found in abundance on the premises last weekend, as young minds from over 40 countries did battle for the bragging rights and a $1,024 bounty.
