News / Posted August 08, 2019
When we think of cyber-attacks our minds often flash to larger corporations and massive data leaks for millions of customers, but these are just the ones we see reported in the news. In fact the Verizon 2019 Data Breach Report found that 43% of breaches involved small business victims.
Cyber-attacks are on the rise, and for most SMEs, trying to get your head around them and protect your business can be a daunting and difficult task. We have compiled a list of 8 steps to help prevent breaches, including practical advice on what to do should a breach occur.
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
News Research Security Alerts / Posted March 18, 2019
Research Security Alerts / Posted December 04, 2018
Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.
Research Security Alerts / Posted December 13, 2017
Research Security Alerts / Posted January 04, 2017
On the 25th of December 2016, a security researcher disclosed a critical security flaw within a popular PHP library used to send emails. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular open source PHP content management systems such as WordPress. At worst the flaw could be exploited to execute arbitrary PHP code on the affected system. This would allow the remote attacker to take complete control of the application and launch further attacks against the system and internal network. PHPMailer versions below 5.2.20 are affected, along with a number of other libraries that include the vulnerable code, such as SwiftMail and the Zend Framework.
News Product Research / Posted August 10, 2016
AppCheck partnered with Sec-1 Ltd to undertake a research project investigating the security challenges posed by next generation web applications. The project included an investigation of Cross-Origin communication mechanisms provided via HTML5 including postMessage and CORS.
One of the key findings from the research shows that vulnerabilities introduced through an insecure postMessage implementation are frequently missed by security scanners and consultants performing manual review.
Research Security Alerts / Posted October 23, 2015
On the 9th October, researchers at AppCheck NG discovered a critical Remote Command Execution (RCE) vulnerability in the popular WordPress plugin Form Manager, which allows an attacker with an unprivileged account (including a self-registered account) to execute arbitrary commands on the host. The vulnerability was reported and fixed on the 12th October.
News Product Research / Posted October 08, 2015
AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS Lookups and HTTP requests. Its function in Web Application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques.
News Research / Posted July 31, 2015
Research Security Alerts / Posted May 27, 2015
The aheadWorks Blog extension for Magento prior to version 1.3.10 is vulnerable to a critical SQL Injection security flaw. A remote unauthenticated attacker could exploit this vulnerability to take complete control of the affected Magento server and database.
With almost 80,000 downloads at the time of writing, the affected component is the most popular blog component available via Magento Connect.