AppCheck Security Blog
Featured post
AppCheck Scan Template for Pulse Secure CVE-2019-11510
/ Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
read moreFilter by:
AppCheck Scan Template for Pulse Secure CVE-2019-11510
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.
Read moreAppCheck Scan Template for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted January 09, 2020
AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.
Read moreAppCheck Plug-in for Citrix Vulnerability CVE-2019-19781
Product Research Security Alerts / Posted December 18, 2019
AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.
Read moreMacy's falls victim to hack exposing customer data
Security Alerts / Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.
New Chrome Zero Day
Security Alerts / Posted November 01, 2019
Google hasn’t released official details on the exploit but in a nutshell memory corruption vulnerabilities were found in key components of the Chrome browser which could potentially lead to code execution on the user's machine if a malicious page is visited.
Read morevBulletin Zero Day Vulnerability Released by Anonymous Source
News Security Alerts / Posted September 25, 2019
AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."
Read moreNew feature announcement: Subdomain takeover audit
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read moreSAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered
News Research Security Alerts / Posted March 18, 2019
The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.
Read moreAdvisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)
Research Security Alerts / Posted December 04, 2018
Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.
Read moreAppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)
Research Security Alerts / Posted December 13, 2017
AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.
Read more