AppCheck Security Blog

Hacks, Trends and That GDPR Thing with AppCheck

With the door closed on another year within the ever-expanding cyber security industry, we can look back on some significant moments in 2017 and look forward to a very exciting year for AppCheck in 2018.

read more

Hacks, Trends and That GDPR Thing with AppCheck

With the door closed on another year within the ever-expanding cyber security industry, we can look back on some significant moments in 2017 and look forward to a very exciting year for AppCheck in 2018.

Read more

AppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)

AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.

Read more

New WordPress SQLi Vulnerability Uncovered

A new WordPress SQLi vulnerability has been discovered by security researchers in a WordPress core, it’s strongly recommended to update to version 4.8.3, the latest at the time of writing, if you haven’t done so already.

Read more

Apache Struts (CVE-2017-9805)

Security researchers announced on 05 September 2017, a critical remote code execution vulnerability in Apache Struts.

Read more

Petya Ransomware: The Basics

A little over two months on since WannaCry set the internet on fire, a new release of ransomware is spreading around the world, as experts unfortunately warned might happen.

Read more

Critical Joomla 3.7 SQL Injection Vulnerability Patched

On the 17th of May 2017, the Joomla team issued a patch for a high severity security flaw that could allow a remote unauthenticated attacker to execute arbitrary SQL queries on the target system. A malicious attacker could exploit this flaw to read, create, modify and delete data stored within the database. It is also possible to gain administrator control of the Joomla CMS and execute PHP code on the affected server by exploiting this flaw.

Read more

WanaCrypt0r – Ransom Attack

With the global spread of this particular malware on Friday and the media coverage it has received, it is understandable that many customers are wanting to know more about this threat and what they can do to protect against it.

Read more

New Apache Struts Zero Day Vulnerability Discovered

On the 6th March 2017 information security researchers have discovered a Zero-Day vulnerability in Apache Struts web application framework, which is being actively exploited in the wild and is under active attack. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.

Read more

SlowLoris – Remarkably Little To Do With Lemurs

We don’t get many Lorises (or Lemurs for that matter) in the AppCheck offices – probably something to with the climate - so we don’t know much about them, other than that with a top speed of 1.2 miles per hour going flat out, you’d probably not be backing one in a race against anything much other than their even-tardier distant cousins the two-toed sloth.

But since we’re in the vulnerability-scanning game here at AppCheck, we’re going to take a look at the web application vulnerability that is the namesake of this insectivorous tropical quadruped

Read more

Detecting and Exploiting the PHPMailer RCE

On the 25th of December 2016, a security researcher disclosed a critical security flaw within a popular PHP library used to send emails. The PHPMailer library is used by more than 9 million websites worldwide and is bundled with popular open source PHP content management systems such as WordPress. At worst the flaw could be exploited to execute arbitrary PHP code on the affected system. This would allow the remote attacker to take complete control of the application and launch further attacks against the system and internal network. PHPMailer versions below 5.2.20 are affected along with a number of other libraries that include the vulnerable code; such as SwiftMail and the Zend Framework.

Read more