IoT Log4j Exchange ProxyLogon OT PKI IoT security

Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List 

The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were ...
Security Boulevard
Qualys third-party risk management

Qualys Unfurls Ransomware Risk Assessment Service

Qualys today launched a Ransomware Risk Assessment Service through which organizations can proactively identify, prioritize, track and ultimately remediate assets that are vulnerable to ransomware attacks. Sumedh Thakar, Qualys CEO, said the ...
Security Boulevard
Meetup.com Vulnerabilities Cause Privilege Escalation and Payment Redirection

Privilege Escalation on Meetup.com Enabled Redirection of Payments

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...
On the Road to DevSecOps: Securing the Software Driving Mobility

On the Road to DevSecOps: Securing the Software Driving Mobility

The automotive industry is experiencing radical change—and software is the catalyst. Progressively more software, increasingly intelligent components, and new methods of interaction are finding their way into automobiles of all sizes and ...
On the Road to DevSecOps: Top Three Benefits of CxFlow

On the Road to DevSecOps: Top Three Benefits of CxFlow

Most organizations who are in the process of transitioning to DevOps understand that this new software development methodology is really about a change of corporate mindset, improvements to internal practices, and the ...
Exploiting mXSS Vulnerabilities Within Mozilla-Bleach

Mutation Cross-Site Scripting (mXSS) Vulnerabilities Discovered in Mozilla-Bleach

As part of the beta testing phase that took place earlier this year for our recently launched Software Composition Analysis solution, CxSCA, the Checkmarx Security Research Team investigated Mozilla-Bleach, finding multiple concerning ...
The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

The Road to DevSecOps: Addressing the Challenges of AppSec Awareness

Recently, I had an opportunity to sit down with Kurt Risley and ask him about his experiences and observations when working with organizations who desire to develop a comprehensive AppSec Awareness Program ...
It’s Time to Update Your Drupal Now!

It’s Time to Update Your Drupal Now!

As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its ...
Bringing Your Retail Application Security Strategy Up to Par

Bringing Your Retail Application Security Strategy Up to Par

It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new ...
The Road to DevSecOps: Addressing the Challenges of Open Source Software

The Road to DevSecOps: Addressing the Challenges of Open Source Software

Although software is significantly changing our work, home, and personal lives, many don’t realize that today’s software is made up of numerous ingredients. Some of the software we use daily contains pieces ...