Featured post
/ Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.
Filter by:
Security Alerts / Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.
Security Alerts / Posted November 01, 2019
Google hasn’t released official details on the exploit but in a nutshell memory corruption vulnerabilities were found in key components of the Chrome browser which could potentially lead to code execution on the user's machine if a malicious page is visited.
Read moreNews Security Alerts / Posted September 25, 2019
AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."
Read moreProduct Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read moreNews Research Security Alerts / Posted March 18, 2019
The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.
Read moreResearch Security Alerts / Posted December 04, 2018
Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.
Read moreResearch Security Alerts / Posted December 13, 2017
AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.
Read moreSecurity Alerts / Posted November 01, 2017
A new WordPress SQLi vulnerability has been discovered by security researchers in a WordPress core, it’s strongly recommended to update to version 4.8.3, the latest at the time of writing, if you haven’t done so already.
Read moreSecurity Alerts / Posted September 06, 2017
Security researchers announced on 05 September 2017, a critical remote code execution vulnerability in Apache Struts.
Read moreSecurity Alerts / Posted June 28, 2017
A little over two months on since WannaCry set the internet on fire, a new release of ransomware is spreading around the world, as experts unfortunately warned might happen.
Read more