AppCheck Security Blog
Featured post
Macy's falls victim to hack exposing customer data
/ Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.
Filter by:
Macy's falls victim to hack exposing customer data
Security Alerts / Posted November 20, 2019
Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.
New Chrome Zero Day
Security Alerts / Posted November 01, 2019
Google hasn’t released official details on the exploit but in a nutshell memory corruption vulnerabilities were found in key components of the Chrome browser which could potentially lead to code execution on the user's machine if a malicious page is visited.
Read morevBulletin Zero Day Vulnerability Released by Anonymous Source
News Security Alerts / Posted September 25, 2019
AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."
Read moreNew feature announcement: Subdomain takeover audit
Product Research Security Alerts / Posted June 18, 2019
AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities.
Read moreSAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered
News Research Security Alerts / Posted March 18, 2019
The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.
Read moreAdvisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)
Research Security Alerts / Posted December 04, 2018
Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.
Read moreAppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)
Research Security Alerts / Posted December 13, 2017
AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.
Read moreNew WordPress SQLi Vulnerability Uncovered
Security Alerts / Posted November 01, 2017
A new WordPress SQLi vulnerability has been discovered by security researchers in a WordPress core, it’s strongly recommended to update to version 4.8.3, the latest at the time of writing, if you haven’t done so already.
Read moreApache Struts (CVE-2017-9805)
Security Alerts / Posted September 06, 2017
Security researchers announced on 05 September 2017, a critical remote code execution vulnerability in Apache Struts.
Read morePetya Ransomware: The Basics
Security Alerts / Posted June 28, 2017
A little over two months on since WannaCry set the internet on fire, a new release of ransomware is spreading around the world, as experts unfortunately warned might happen.
Read more