Application Security Vulnerabilities
Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware
Cyberattacks exploiting critical vulnerabilities in ConnectWise’s remote monitoring and management (RMM) tool revealed this week have snowballed and some bad actors are using it to deploy LockBit ransomware, which was the target ...
Security Boulevard
Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List
Nathan Eddy | Apache Log4j, Application Security Vulnerabilities, iot, Microsoft Exchange, ProxyLogon
The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were ...
Security Boulevard
Qualys Unfurls Ransomware Risk Assessment Service
Michael Vizard | Application Security Vulnerabilities, Qualys, Ransomware, Risk Assessment and Management
Qualys today launched a Ransomware Risk Assessment Service through which organizations can proactively identify, prioritize, track and ultimately remediate assets that are vulnerable to ransomware attacks. Sumedh Thakar, Qualys CEO, said the ...
Security Boulevard
Privilege Escalation on Meetup.com Enabled Redirection of Payments
Erez Yalon | Application Security Testing, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, CSRF, Exploitable Vulnerabilities, XSS
The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...
On the Road to DevSecOps: Securing the Software Driving Mobility
Stephen Gates | Application Security Testing, Application Security Vulnerabilities, Blog, DEVOPS, DevSecOps, Software Developers
The automotive industry is experiencing radical change—and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and ...
On the Road to DevSecOps: Top Three Benefits of CxFlow
Stephen Gates | Application Security Vulnerabilities, Automation, Blog, CxFlow, DEVOPS, DevSecOps, Software Developers
Most organizations who are in the process of transitioning to DevOps understand that this new software development methodology is really about a change of corporate mindset, improvements to internal practices, and the ...
Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach
Erez Yalon | Application Security Vulnerabilities, appsec awareness program, Blog, Codebashing, DEVOPS, Secure Coding Education, Secure SDLC, Software Developers
As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning ...
The Road to DevSecOps: Addressing the Challenges of AppSec Awareness
Stephen Gates | Application Security Vulnerabilities, appsec awareness program, Blog, Codebashing, DEVOPS, Secure Coding Education, Secure SDLC, Software Developers
Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program ...
It’s Time to Update Your Drupal Now!
Erez Yalon | Application Security Vulnerabilities, Blog, Drupal security analysis, Open Source Projects, open-source-software, SCA, Software Composition Analysis
As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its ...
Bringing Your Retail Application Security Strategy Up to Par
Matthew Rose | Application Security Vulnerabilities, Blog, DEVOPS, Retail Security, Secure Coding Education, Secure SDLC, Software Composition Analysis, Software Developers
It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new ...