AppCheck Security Blog

SAP Hybris Commerce CVE-2018-2505 Vulnerability Discovered

News Research Security Alerts / Posted March 18, 2019

The AppCheck research team identified a security flaw (CVE-2018-2505) within SAP Hybris affecting many large online retailers. The security flaw was due to an insecure JavaScript library that allows malicious JavaScript to be injected into a user’s session with the affected Hybris application.

Scan & Secure WordPress with AppCheck

Product / Posted December 21, 2018

WordPress is the worlds leading Content Management System (CMS) accounting for approximately 27% of all websites on the Internet. As such, WordPress is a common target for malicious attackers and malware authors aiming to propagate malicious software by compromising websites.

Almost all studies into the most commonly compromised CMS based websites list WordPress as the biggest offender, with one study citing 78% of CMS hacks attributed to WordPress.

The Importance of Regular Vulnerability Scanning

News / Posted December 21, 2018

As we probably all know, information security is a broad subject and for many of us understanding the different layers that can help within this spectrum can be at times difficult. In this blog we will look at the risk and what you as a business could do about it!

Advisory: Remote Code Execution Traccar Server <=4.0 (AC-2018-10-8-1)

Research Security Alerts / Posted December 04, 2018

Our security team discovered a Remote Code Execution (RCE) vulnerability in the GPS vehicle tracking system Traccar (version <= 4.0). This allows an attacker to compromise the server’s host via a self-registered user account.

BlackHat & Defcon 2018 updates

Events News / Posted August 11, 2018

Each year at the beginning of August the world’s best security researchers and hackers get together for two annual security conferences; BlackHat and Defcon. Each conference takes place over three days where the latest and greatest new hacking techniques are presented.

AppCheck & The GDPR

News Product / Posted March 15, 2018

There is no doubt that the GDPR is serious business. AppCheck has noticed a significant shift in focus by company executives, taking a much more active interest in security matters since the GDPR, and specifically the fines were introduced. Naturally, with that comes a never-ending list of vendors claiming to solve the GDPR problem. In truth, no one product or service can achieve compliance, rather the GDPR requires a strategy that includes a thorough understanding of your responsibilities, exposure and requirements to demonstrate compliance with the six principals of the GDPR.

Detect Rogue JavaScript Crypto-Miners with AppCheck

News Product / Posted February 14, 2018

Browser based Crypto-Mining malware has made a dramatic resurgence in 2018 hitting the headlines on several occasions over the past month. Most recently, two major campaigns affecting thousands were reported by The Register with those affected ranging from YouTube to the UK’s Information Commissioner’s Office.

Hacks, Trends and That GDPR Thing with AppCheck

Events Product / Posted January 08, 2018

With the door closed on another year within the ever-expanding cyber security industry, we can look back on some significant moments in 2017 and look forward to a very exciting year for AppCheck in 2018.

AppCheck Discovers Vulnerability in Auth0 Library (CVE-2017-17068)

Research Security Alerts / Posted December 13, 2017

AppCheck discovered a security flaw within the auth0.js JavaScript library that could be exploited by a malicious website to read sensitive access tokens cross-domain.

New WordPress SQLi Vulnerability Uncovered

Security Alerts / Posted November 01, 2017

A new WordPress SQLi vulnerability has been discovered by security researchers in a WordPress core, it’s strongly recommended to update to version 4.8.3, the latest at the time of writing, if you haven’t done so already.

Start your free trial