AppCheck Security Blog

AppCheck Scan Template for Pulse Secure CVE-2019-11510

AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.

read more

AppCheck Scan Template for Pulse Secure CVE-2019-11510

AppCheck have released a scan template which will run a quicker scan and check for the above vulnerability. Specifically, the module will look to detect a critical security flaw in Pulse Secure’s Zero Trust Remote Access VPN.

Read more

AppCheck Scan Template for Citrix Vulnerability CVE-2019-19781

AppCheck have released a scan template to detect a remote code execution flaw in Citrix appliances.

Read more

AppCheck Plug-in for Citrix Vulnerability CVE-2019-19781

AppCheck have released a plug-in to detect a remote code execution flaw in Citrix appliances.

Read more

Macy's falls victim to hack exposing customer data

Popular department store Macy's looks to have been hit with a card skimming hack.
The hack appears very similar to those conducted by hacking group Magecart who have historically targeted Airline giants British Airways as well as online ticket sales company Ticketmaster, amongst others.

Read more

New Chrome Zero Day

Google hasn’t released official details on the exploit but in a nutshell memory corruption vulnerabilities were found in key components of the Chrome browser which could potentially lead to code execution on the user's machine if a malicious page is visited.

Read more

vBulletin Zero Day Vulnerability Released by Anonymous Source

AppCheck's Head of Development states: "We have confirmed the exploit does work and is an unauthenticated RCE that attackers can exploit. Depending on the user level they access this could range from simply accessing data, editing it or even full system takeover. Earlier today we have included a plug-in for our customers to identify and safely exploit this vulnerability."

Read more

New feature announcement: Subdomain takeover audit

AppCheck has released a new detection module available to all customers to scan for subdomain takeover vulnerabilities. 

Read more

SAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered

The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.

Read more

Advisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)

Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.

Read more

AppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)

AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.

Read more