AppCheck news & events

8 Tips to Improve IT Security for SMEs

When we think of cyber-attacks, our minds often flash to larger corporations and massive data leaks affecting millions of customers, but these are just the ones we see reported in the news. In fact, the Verizon 2019 Data Breach Report found that 43% of breaches involved small business victims.

Cyber-attacks are on the rise, and for most SMEs, trying to get your head around them and protect your business can be a daunting and difficult task. We have compiled a list of 8 steps to help prevent breaches, including practical advice on what to do should a breach occur.

New feature announcement: Subdomain takeover audit

AppCheck has released a new detection module, available to all customers, that scans for subdomain takeover vulnerabilities.

SAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered

The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.

Advisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)

Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.

AppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)

AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.

New WordPress SQLi Vulnerability Uncovered

A new WordPress SQLi vulnerability has been discovered by security researchers in WordPress core. It is strongly recommended to update to version 4.8.3, the latest at the time of writing, if you haven’t done so already.

Apache Struts (CVE-2017-9805)

On 05 September 2017, security researchers announced a critical remote code execution vulnerability in Apache Struts.

Petya Ransomware: The Basics

A little over two months after WannaCry set the internet on fire, a new release of ransomware is spreading around the world, as experts unfortunately warned might happen.

Critical Joomla 3.7 SQL Injection Vulnerability Patched

On the 17th of May 2017, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to execute arbitrary SQL queries on the target system. A malicious attacker could exploit this flaw to read, create, modify and delete data stored within the database. It is also possible to gain administrator control of the Joomla CMS and execute PHP code on the affected server by exploiting this flaw.

WanaCrypt0r – Ransom Attack

With the global spread of this particular malware on Friday and the media coverage it has received, it is understandable that many customers want to know more about this threat and what they can do to protect against it.

New Apache Struts Zero Day Vulnerability Discovered

On the 6th of March 2017, information security researchers discovered a zero-day vulnerability in the Apache Struts web application framework, which is being actively exploited in the wild. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.
