Application Security Vulnerabilities
Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware
Cyberattacks exploiting critical vulnerabilities in ConnectWise’s remote monitoring and management (RMM) tool revealed this week have snowballed and some bad actors are using it to deploy LockBit ransomware, which was the target ...
Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List
The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were ...
Qualys Unfurls Ransomware Risk Assessment Service
Qualys today launched a Ransomware Risk Assessment Service through which organizations can proactively identify, prioritize, track and ultimately remediate assets that are vulnerable to ransomware attacks. Sumedh Thakar, Qualys CEO, said the ...
Privilege Escalation on Meetup.com Enabled Redirection of Payments
The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...
On the Road to DevSecOps: Securing the Software Driving Mobility
The automotive industry is experiencing radical change—and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and ...
On the Road to DevSecOps: Top Three Benefits of CxFlow
Most organizations who are in the process of transitioning to DevOps understand that this new software development methodology is really about a change of corporate mindset, improvements to internal practices, and the ...
Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach
As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning ...
The Road to DevSecOps: Addressing the Challenges of AppSec Awareness
Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program ...
It’s Time to Update Your Drupal Now!
As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its ...
Bringing Your Retail Application Security Strategy Up to Par
It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new ...
