News
Checkmarx Acquires Custodela
November 7, 2018Checkmarx has acquired Custodela, an Ontario-based provider of software security program development and consulting services focused on DevSecOps. The acquisition positions Checkmarx to empower CIOs and CISOs in accelerating the maturity of their DevSecOps programs with expert services for software security deployment and automation. Read More
Checkmarx Acquires Custodela
November 7, 2018The purchase adds DevSecOps capabilities to a software exposure platform. Checkmarx has announced the acquisition of Custodela in a deal that will bring DevSecOps integration to the Checkmarx platform. Read More
Facebook, Google+ user exposure, and the breadth of consequences
November 2, 2018Preventing breaches can be a significant challenge, however, because modern web application and software design has become increasingly complex, and most security programs don’t take a holistic approach to managing... Read More
How Security Can Enable Digital Transformation
November 1, 2018Digital transformation can mean many different things to a variety of business leaders. But at its core, it is the process of integrating digital technologies into business practice. Organizations embark on a digital transformation journey for more efficiency, increased cost savings, enhanced customer experience and better productivity, just to name a... Read More
AppSec Is Dead, but Software Security Is Alive & Well
October 29, 2018Application security must be re-envisioned to support software security. It's time to shake up your processes. There's no denying that an enterprise's application ecosystem must be protected, especially when the average... Read More
AppSec Is Dead, but Software Security Is Alive & Well
October 29, 2018Application security must be re-envisioned to support software security. It's time to shake up your processes. There's no denying that an enterprise's application ecosystem must be protected, especially when the average... Read More
NFCDrip: Português descobre falha que afeta smartphones, impressoras e milhões de outros equipamentos
October 27, 2018Vulnerabilidade encontrada no NFC pode nunca vir a ter correção. Investigador fala numa mudança de paradigma para aquela que é uma das tecnologias mais populares no mundo. Read More
Checkmarx and Fishtech Group partner to help businesses fight software exposure risk
October 24, 2018Checkmarx formed a strategic partnership with Fishtech Group to enable customers across North America manage software exposure at the speed of DevOps. Working together, Fishtech Group will become a reseller... Read More
NFCdrip Attack Proves Long-Range Data Exfiltration via NFC
October 18, 2018Researchers have demonstrated that the near-field communication (NFC) protocol can be used to exfiltrate small amounts of data, such as passwords and encryption keys, over relatively long distances. Read More
Government payment provider exposes 14M customer records online
September 19, 2018Government Payment Service Inc., a company that offers a service called GovPayNow used by U.S. state and local governments, exposed 14 million records online. Discovered by security researcher Brian Krebs and revealed Tuesday, the breach included names, addresses, phone numbers and the last four digits of the payer’s credit card going... Read More
Addressing Software Exposure Within the DevOps Cycle
August 16, 2018There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities. Read More
Add It Up: DevOps Security Needs More Tooling
August 9, 2018DevOps teams are involved with security but they need to do more. Two recent studies show that tooling is inadequate and that security is not properly integrated into the entire DevOps process. Read More
Black Hat conference in Las Vegas addresses cryptocurrency theft
August 8, 2018Crypto phishing — sending emails or creating websites that resemble a trusted crypto company — and cryptojacking — using another person’s computer to mine currencies — are two new methods... Read More
92 percent of enterprises struggle to integrate security into DevOps
August 7, 2018A large majority of organizations are struggling to implement security into their DevOps processes, despite saying they want to do so, according to a new report. Read More
Report finds most enterprises fail to implement security across DevOps process
August 7, 2018That’s the biggest takeaway from a new report out today from security firm Checkmarx Ltd. “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle” was undertaken in conjunction with FreeForm Dynamics... Read More
Cybersecurity 500 2018: The Official List
May 21, 2018Thousands of startups have been formed over the past decade to focus on combating cybercrime. The Cybersecurity 500 features the hottest and most innovative companies in this market. Read More
Amazon’s Alexa could be tricked into snooping on users, say security researchers
May 7, 2018Security researchers say they found a way to make Amazon's Alexa digital assistant listen in on its users indefinitely -- and provide a transcript of everything said in front of... Read More
Turning an Echo Into a Spy Device Only Took Some Clever Coding
May 7, 2018IT'S IMPORTANT NOT to overstate the security risks of the Amazon Echo and other so-called smart speakers. They're useful, fun, and generally have well thought-out privacy protections. Then again, putting a mic in your home naturally... Read More
New Skill Let Amazon Alexa Spy on Users
May 7, 2018As a proof of concept, researchers from Israel-based application-security firm Checkmarx wrote a malicious "skill," or Alexa functions, that managed to turn an Amazon Echo Dot into a full-fledged eavesdropping device that recorded dialogue indefinitely and sent transcriptions of human speech to a third-party website as well as to Amazon. (The skill was never... Read More
Researchers Hacked Amazon’s Alexa to Spy On Users, Again
May 7, 2018A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices – and automatically transcribe every word said. Checkmarx... Read More