TikTok’s Invisible Challenge From time to time, there is a new dangerous trending challenge on social media. If you remember the “Tide Pods Challenge” or the “Milk Crate Challenge” you know exactly what I’m talking about. This time, the latest
Every several years, a boring old problem becomes relevant again, typically because those who develop new technologies fail to learn lessons from the mistakes of those who developed old ones. This is apparently the case with Cross-Site Request Forgery (CSRF)
On the 1st of November, OpenSSL released information about two buffer overflow vulnerabilities: CVE-2022-3786 and CVE-2022-3602. In the pre-disclosure announcement on the 25th of October, the issue severity was declared as Critical, but then it was changed to High. The
Checkmarx SCS (Supply Chain Security) team found a vulnerability in GitHub that can allow an attacker to take control over a GitHub repository, and potentially infect all applications and other code relying on it with malicious code. If not explicitly
The newly discovered CVE-2022-42889 made some headlines recently. In this short blog we will discuss what the vulnerability is, its impact, and mitigation. The package affected by the CVE is Apache Commons Text, an open-source Apache library that is “focused
Checkmarx discovered ~200 malicious NPM packages with thousands of installations linked to an attack group called “LofyGang”. This attack group has been operating for over a year with multiple hacking objectives: Credit card informationDiscord “Nitro” (premium) upgradesStreaming services accounts (e.g.
c{api}tal (Checkmarx API Training and Learning) is a purpose-built vulnerable API application based on the OWASP API Top 10 risks. It is built with Python (FastAPI – a quick and easy to use web framework for developing RESTful APIs in
A few hours ago, PyPi disclose information on the first seen phishing attack aimed at a Python contributor. Right now, we are aware of hundreds of malicious packages that were related to this attack based on the known indicator. During
Automatic code execution is triggered upon downloading approximately one third of the packages on PyPi. A worrying feature in pip/PyPi allows code to automatically run when developers are merely downloading a package. Also, this feature is alarming due to the
2021 was a year where cyberattacks exploded, and if you did not know about the dangers of the cyber world, you probably do now. The pandemic got everyone into their homes and focused on their IT devices, so there was
©2022 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
