AppCheck news & events
Featured post
8 Tips to Improve IT Security for SMEs
News / Posted August 08, 2019
When we think of cyber-attacks our minds often flash to larger corporations and massive data leaks for millions of customers, but these are just the ones we see reported in the news. In fact the Verizon 2019 Data Breach Report found that 43% of breaches involved small business victims.
Cyber-attacks are on the rise and for most SMEs trying to get your head around them and protect your business can be a daunting and difficult task. We have complied a list of 8 steps to help prevent breaches including practical advice on what to do should a breach occur.
read moreCritical: Remote Command Execution in WordPress Form Manager Plugin (CVE-2015-7806)
Research Security Alerts / Posted October 23, 2015
On the 9th October researchers at AppCheck NG discovered a critical Remote Command Execution (RCE) in the popular WordPress plugin Form Manager which allows an attacker with an unprivileged account (including a self-registered account) to execute arbitrary commands on the host. The vulnerability was reported and fixed on the 12th October.
Read moreDetecting Delayed Execution Vulnerabilities
News Product Research / Posted October 08, 2015
AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS Lookups and HTTP requests. Its’ function in Web Application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques.
Read moreAdobe Fixes HTML5 PostMessage Security Flaw
News Research / Posted July 31, 2015
AppCheck has identified a significant security flaw affecting a common JavaScript component provided as part of the Adobe Marketing Cloud. The flaw affected many high profile applications including several banking sites and well known .com organisations, and has now been fixed by the vendor.
Read moreCritical Security Flaw Patched in Magento Blog Extension (CVE-2015-3428)
Research Security Alerts / Posted May 27, 2015
The aheadWorks Blog extension for Magento prior to version 1.3.10 is vulnerable to a critical SQL Injection security flaw. A remote unauthenticated attacker could exploit this vulnerability to take complete control of the affected Magento server and database.
With almost 80,000 downloads at the time of writing, the affected component is the most popular blog component available via Magento Connect.
Read moreHTML 5 Security
News Product Research / Posted May 14, 2015
In this video series we discuss the common security flaws encountered in HTML5 enabled websites. Our focus is around Cross-Origin communication through postMessage and CORS.
Read moreCritical Vulnerability in Magento Platform
Security Alerts / Posted April 21, 2015
Researchers have identified a serious vulnerability in Magento, the popular e-commerce platform owned by eBay. This critical flaw in the Magento eCommerce platform exposes online shops to serious risk by allowing malicious hackers to access credit card data or execute arbitrary PHP code on the web server. This vulnerability should be considered a high risk factor for businesses making use of the Magento platform, and should be addressed as a matter of priority.
Read moreCritical Microsoft Web Services (IIS) Flaw Patched (MS15-034)
Security Alerts / Posted April 15, 2015
Microsoft has released a patch for a critical remote code execution vulnerability in the Windows HTTP Stack for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.
Read moreAppCheck NG Acknowledged by Microsoft, EBay, AT&T and Adobe
News Product Research / Posted March 04, 2015
The Appcheck Web Application scanner is developed in conjunction with a team of around 20 experienced penetration testers and as such deploys the very latest techniques in vulnerability detection from the front lines. Included in those techniques is our ability to detect DOM Based Cross Site Scripting vulnerabilities using a combination of static and run-time analysis of JavaScript and Flash content. Unlike most SaaS vulnerability scanners, AppCheck NG deploys both lexical and browser based analysis of each assessed application component to ensure modern JavaScript heavy and Flash based applications are fully explored for vulnerabilities. This technology allows AppCheck to detect security flaws in components other scanners will fail to detect.
Read moreSecurity Flaw Fixed in Popular Joomla Extension VirtueMart (CVE-2015-2193)
Research Security Alerts / Posted March 03, 2015
On the 10th of February 2015 Appcheck reported several security flaws in the popular VirtueMart eCommerce extension for Joomla (Version 3.0.2). A fix has since been made available via http://virtuemart.net/ although no official announcement was released by the vendor.
Read moreAppCheck Updated to Detect CVE-2015-0235 (a.k.a. GHOST)
Product Security Alerts / Posted January 09, 2015
The “GHOST” vulnerability is a security flaw within a key component of the Linux Operating System. The affected component “gethostbyname” is found in the Linux GNU C Library that is used by all Linux programs. If an attacker can pass a specially crafted hostname to the affected function it may be possible to execute malicious code on the system.
Read more