News
News
35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?
August 4, 2022A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects —... Read More
Cybersecurity Startups Make Waves at RSAC 2022
June 9, 2022RSA Conference 2022 showcased cybersecurity startups vying for a foothold in the crowded market. Here’s a roundup of the top announcements. Read More
Checkmarx Fusion Released
June 8, 2022Checkmarx announced the availability of Checkmarx Fusion, a context-aware correlation engine that enables full visibility into applications, component interactions, and bills of materials. Read More
Hottest new cybersecurity products at RSA 2022
June 8, 2022The annual RSA Conference is an opportunity for companies to showcase their latest cybersecurity products. Here are some of the most interesting new products being shown at RSA Conference 2022. Read More
2022 Women of the Channel Awards
May 10, 2022This year, CRN honors nearly 1400 women whose channel expertise and vision are deserving of recognition. The Most Powerful Women Of The Channel 2022: Power 100 > The Power 100 is culled from the ranks of CRN’s Women of the Channel and spotlights the female executives at vendors and distributors... Read More
DevSecOps: como integrar desenvolvimento, segurança e operações?
May 10, 2022O cenário da infraestrutura de TI passou por mudanças exponenciais na última década. A migração para plataformas ágeis de computação em nuvem, armazenamento, dados compartilhados e aplicativos dinâmicos trouxe enormes... Read More
Checkmarx Report Highlights Need for AppSec Collaboration
May 9, 2022A research report published by Checkmarx finds the same basic malicious software developed using multiple programming languages as cyberattackers industrialize their malware development processes. Read More
World Password Day helps to raise security awareness
May 5, 2022The death of the password is something that has been predicted for a very long time. But the venerable means of securing our accounts still clings tenaciously to life. Today's World Password Day is designed to raise awareness of the continued importance of passwords and the need -- where we do still... Read More
StarJacking: Attackers disguise malicious open source packages
May 4, 2022Open-Source-Pakete sind ein zentraler Bestandteil moderner Software-Supply-Chains. Die Entscheidung, welches Paket Entwickler in ihrem Projekt verwenden, hängt maßgeblich von dessen Bewertung und Downloadzahlen ab – diese Form der Entscheidungsfindung birgt aber auch Risiken. Read More
Attackers targeting packages in multiple coding languages in recent software supply chain attacks
May 3, 2022Malicious packages in multiple coding languages that went undetected for years were revealed by the Checkmarx Supply Chain Security team using advanced threat hunting techniques. Read More
Checkmarx-SCA-Plug-in für JetBrains IntelliJ IDEA Ultimate
April 29, 2022JetBrains und Checkmarx sind eine strategische Partnerschaft eingegangen. Fortan könnten Entwickler ihren nicht kompilierten Code einfach scannen, um Hunderte potenzielle Schwachstellen zu erkennen und zu beheben – alles von ihrem gewohnten IntelliJ IDEA Workspace aus. Read More
Licorne de la sécurité applicative, Checkmarx cible 30 millions de développeurs, et leurs successeurs.
April 27, 2022Licorne à 16 ans, suite au rachat à 1,15 milliard de dollars par H&F, Checkmarx n’a pas fini de faire parler d’elle. Rencontre avec Emmanuel Benzaquen, son CEO dès l’origine. Read More
The Implications of Twitter’s Potential Algorithm Move to Open Source
April 27, 2022ElonMusk’s recently announced takeover of Twitter raises a whole slew of questions and concerns for the future of the social media platform. One such question comes from the potential shift... Read More
Checkmarx Finds Malicious Open Source PyPi Repository
April 20, 2022Checkmarx, a provider of a platform for testing application security, this week disclosed it has discovered a malicious instance of a PyPi repository for Python code that has been downloaded more than 70,000 times. Read More
Checkmarx: Attackers Hijacking GitHub Ratings to ‘Infect As Many Targets As Possible
April 20, 2022Cybersecurity company Checkmarx said it has discovered that hackers can effectively hijack GitHub’s star ratings of open-source products to trick developers into downloading malicious code. In a blog post, Checkmarx’s Tzachi “Zack”... Read More
Checkmarx and JetBrains provide developers with security information during development
April 15, 2022Checkmarx’ Software Composition Analysis (SCA) solution has been integrated directly into the JetBrains IntelliJ IDEA Ultimate through a free plug-in to provide the Software Composition Analysis to IntelliJ IDEA Ultimate... Read More
New Research From Checkmarx Prompts Supply Chain Security Solution to Restore Trust in Open Source Packages
April 8, 2022Now available for use with Checkmarx Software Composition Analysis (SCA), the solution restores trust in modern application development while letting developers embrace open source code RAMAT GAN, Israel and ATLANTA, March 22, 2022 /PRNewswire/ — Checkmarx,... Read More
RED-LILI continues to launch NPM attacks on Azure developers
March 28, 2022Researchers on Monday reported that threat actor RED-LILI has launched hundreds of malicious packages as part of node package manager (NPM) attacks on Azure and other developers. Read More
Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks
March 28, 2022Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of "hundreds of malicious packages" into the NPM ecosystem. The... Read More
Hundreds more packages found in malicious npm ‘factory
March 28, 2022Researchers continue to investigate a wave of malicious npm packages, with the published tally now reaching over 700. Last week, JFrog researchers disclosed the scheme in which an unknown threat actor had published at least 200 malicious Node Package Manager (npm) packages. The team said that the repositories were first detected on... Read More
