News | Checkmarx Application Security


Your one stop for the latest application security articles, stories, and trends. Stay on top of the news and know what’s happening, both at Checkmarx and in the industry at large.


NFCDrip: Português descobre falha que afeta smartphones, impressoras e milhões de outros equipamentos
October 27, 2018

Vulnerabilidade encontrada no NFC pode nunca vir a ter correção. Investigador fala numa mudança de paradigma para aquela que é uma das tecnologias mais populares no mundo. Read More

Checkmarx and Fishtech Group partner to help businesses fight software exposure risk
October 24, 2018

Checkmarx formed a strategic partnership with Fishtech Group to enable customers across North America manage software exposure at the speed of DevOps. Working together, Fishtech Group will become a reseller... Read More

NFCdrip Attack Proves Long-Range Data Exfiltration via NFC
October 18, 2018

Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances. Read More

Government payment provider exposes 14M customer records online
September 19, 2018

Government Payment Service Inc., a company that offers a service called GovPayNow used by U.S. state and local governments, exposed 14 million records online. Discovered by security researcher Brian Krebs and revealed Tuesday, the breach included names, addresses, phone numbers and the last four digits of the payer’s credit card going... Read More

Addressing Software Exposure Within the DevOps Cycle
August 16, 2018

There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities. Read More

Add It Up: DevOps Security Needs More Tooling
August 9, 2018

DevOps teams are involved with security but they need to do more. Two recent studies show that tooling is inadequate and that security is not properly integrated into the entire DevOps process. Read More

Black Hat conference in Las Vegas addresses cryptocurrency theft
August 8, 2018

Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods... Read More

92 percent of enterprises struggle to integrate security into DevOps
August 7, 2018

A large majority of organizations are struggling to implement security into their DevOps processes, despite saying they want to do so, according to a new report. Read More

Report finds most enterprises fail to implement security across DevOps process
August 7, 2018

That’s the biggest takeaway from a new report out today from security firm Checkmarx Ltd. “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle” was undertaken in conjunction with FreeForm Dynamics... Read More

Cybersecurity 500 2018: The Official List
May 21, 2018

Thousands of startups have been formed over the past decade to focus on combating cybercrime.  The Cybersecurity 500 features the hottest and most innovative companies in this market. Read More

Amazon’s Alexa could be tricked into snooping on users, say security researchers
May 7, 2018

Security researchers say they found a way to make Amazon's Alexa digital assistant listen in on its users indefinitely -- and provide a transcript of everything said in front of... Read More

Turning an Echo Into a Spy Device Only Took Some Clever Coding
May 7, 2018

IT'S IMPORTANT NOT to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections. Then again, putting a mic in your home naturally... Read More

New Skill Let Amazon Alexa Spy on Users
May 7, 2018

As a proof of concept, researchers from Israel-based application-security firm Checkmarx wrote a malicious "skill," or Alexa functions, that managed to turn an Amazon Echo Dot into a full-fledged eavesdropping device that recorded dialogue indefinitely and sent transcriptions of human speech to a third-party website as well as to Amazon. (The skill was never... Read More

Researchers Hacked Amazon’s Alexa to Spy On Users, Again
May 7, 2018

A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices – and automatically transcribe every word said. Checkmarx... Read More

Latest Alexa hack shows Echo could be turned into scary spying device
May 7, 2018

According to Forbes, the discovery was made by a company called Checkmarx, whose tools test the security of soon-to-be released software. The hack exploits Alexa’s in-built function to listen out for follow-up... Read More

Hacking the Amazon Alexa virtual assistant to spy on unaware users
May 7, 2018

Checkmarx experts created a proof-of-concept Amazon Echo Skill for Alexa that instructs the device to eavesdrop on users’ conversations and then sends the transcripts to a website controlled by the attackers. Read More

Amazon Echo made to eavesdrop without exploit or manipulation
May 7, 2018

Checkmarx security researchers developed a proof of concept attack that would allow enable an Amazon Echo to continue recording a user long after a request is made. Read More

Researchers Find Alexa Security Flaw to Spy on Users
May 7, 2018

Security researchers at the firm Checkmarx said they found a way to create an Alexa skill that would continue listening to users long after they prompted the software, according to... Read More

Amazon Alexa Tricked By Security Researchers To Keep Listening
May 7, 2018

Researchers from security firm Checkmarx say they have found a way to keep Amazon’s digital assistant Alexa listening in on what is said -- and even transcribe it. The researchers... Read More

Alexa Turned Spy, Able to Snoop on Users
May 7, 2018

Amazon put a quick stop to an issue in Alexa’s skill set after Chexmarx researchers reported that her skill set could be expanded to listen in on users not just some of the time but all of the time. According to a Checkmarx research paper, Alexa skills can be developed in different languages using... Read More

Skip to content