News | Checkmarx Application Security

Checkmarx.com

News

Your one stop for the latest application security articles, stories, and trends. Stay on top of the news and know what’s happening, both at Checkmarx and in the industry at large.

News

Checkmarx Acquires Custodela
November 7, 2018

Checkmarx has acquired Custodela, an Ontario-based provider of software security program development and consulting services focused on DevSecOps. The acquisition positions Checkmarx to empower CIOs and CISOs in accelerating the maturity of their DevSecOps programs with expert services for software security deployment and automation. Read More

Checkmarx Acquires Custodela
November 7, 2018

The purchase adds DevSecOps capabilities to a software exposure platform. Checkmarx has announced the acquisition of Custodela in a deal that will bring DevSecOps integration to the Checkmarx platform. Read More

Facebook, Google+ user exposure, and the breadth of consequences
November 2, 2018

Preventing breaches can be a significant challenge, however, because modern web application and software design has become increasingly complex, and most security programs don’t take a holistic approach to managing... Read More

How Security Can Enable Digital Transformation
November 1, 2018

Digital transformation can mean many different things to a variety of business leaders. But at its core, it is the process of integrating digital technologies into business practice. Organizations embark on a digital transformation journey for more efficiency, increased cost savings, enhanced customer experience and better productivity, just to name a... Read More

AppSec Is Dead, but Software Security Is Alive & Well
October 29, 2018

Application security must be re-envisioned to support software security. It's time to shake up your processes. There's no denying that an enterprise's application ecosystem must be protected, especially when the average... Read More

AppSec Is Dead, but Software Security Is Alive & Well
October 29, 2018

Application security must be re-envisioned to support software security. It's time to shake up your processes. There's no denying that an enterprise's application ecosystem must be protected, especially when the average... Read More

NFCDrip: Português descobre falha que afeta smartphones, impressoras e milhões de outros equipamentos
October 27, 2018

Vulnerabilidade encontrada no NFC pode nunca vir a ter correção. Investigador fala numa mudança de paradigma para aquela que é uma das tecnologias mais populares no mundo. Read More

Checkmarx and Fishtech Group partner to help businesses fight software exposure risk
October 24, 2018

Checkmarx formed a strategic partnership with Fishtech Group to enable customers across North America manage software exposure at the speed of DevOps. Working together, Fishtech Group will become a reseller... Read More

NFCdrip Attack Proves Long-Range Data Exfiltration via NFC
October 18, 2018

Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances. Read More

Government payment provider exposes 14M customer records online
September 19, 2018

Government Payment Service Inc., a company that offers a service called GovPayNow used by U.S. state and local governments, exposed 14 million records online. Discovered by security researcher Brian Krebs and revealed Tuesday, the breach included names, addresses, phone numbers and the last four digits of the payer’s credit card going... Read More

Addressing Software Exposure Within the DevOps Cycle
August 16, 2018

There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities. Read More

Add It Up: DevOps Security Needs More Tooling
August 9, 2018

DevOps teams are involved with security but they need to do more. Two recent studies show that tooling is inadequate and that security is not properly integrated into the entire DevOps process. Read More

Black Hat conference in Las Vegas addresses cryptocurrency theft
August 8, 2018

Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods... Read More

92 percent of enterprises struggle to integrate security into DevOps
August 7, 2018

A large majority of organizations are struggling to implement security into their DevOps processes, despite saying they want to do so, according to a new report. Read More

Report finds most enterprises fail to implement security across DevOps process
August 7, 2018

That’s the biggest takeaway from a new report out today from security firm Checkmarx Ltd. “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle” was undertaken in conjunction with FreeForm Dynamics... Read More

Cybersecurity 500 2018: The Official List
May 21, 2018

Thousands of startups have been formed over the past decade to focus on combating cybercrime.  The Cybersecurity 500 features the hottest and most innovative companies in this market. Read More

Amazon’s Alexa could be tricked into snooping on users, say security researchers
May 7, 2018

Security researchers say they found a way to make Amazon's Alexa digital assistant listen in on its users indefinitely -- and provide a transcript of everything said in front of... Read More

Turning an Echo Into a Spy Device Only Took Some Clever Coding
May 7, 2018

IT'S IMPORTANT NOT to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections. Then again, putting a mic in your home naturally... Read More

New Skill Let Amazon Alexa Spy on Users
May 7, 2018

As a proof of concept, researchers from Israel-based application-security firm Checkmarx wrote a malicious "skill," or Alexa functions, that managed to turn an Amazon Echo Dot into a full-fledged eavesdropping device that recorded dialogue indefinitely and sent transcriptions of human speech to a third-party website as well as to Amazon. (The skill was never... Read More

Researchers Hacked Amazon’s Alexa to Spy On Users, Again
May 7, 2018

A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices – and automatically transcribe every word said. Checkmarx... Read More

Skip to content