Checkmarx Security Research Team

CVE-2020-35774: twitter-server XSS Vulnerability Discovered

Posted on January 7, 2021 by Dor Tumarkin

According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative HTTP server, tracing, stats, and … Continue reading CVE-2020-35774: twitter-server XSS Vulnerability Discovered→

Drupal Core: Behind the Vulnerability

Posted on December 2, 2020 by Dor Tumarkin

As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November. Today, we’re releasing de… Continue reading Drupal Core: Behind the Vulnerability→

Drupal Core: Behind the Vulnerability

Posted on November 19, 2020 by Dor Tumarkin

Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth… Continue reading Drupal Core: Behind the Vulnerability→

Privilege Escalation on Meetup.com Enabled Redirection of Payments

Posted on August 3, 2020 by Erez Yalon

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people with similar interests gather. Ev… Continue reading Privilege Escalation on Meetup.com Enabled Redirection of Payments→

Checkmarx Research: SoundCloud API Security Advisory

Posted on February 11, 2020 by Paulo Silva

Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest selection… Continue reading Checkmarx Research: SoundCloud API Security Advisory→

Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint

Posted on January 15, 2020 by Paulo Silva

This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.&#8… Continue reading Checkmarx Research: Solidity and Smart Contracts from a Security Standpoint→

2019 – Checkmarx Research Roundup

Posted on December 26, 2019 by Stephen Gates

Discovering vulnerabilities like the ones mentioned below is why the Checkmarx Security Research team performs investigations. This type of research activity is part of their ongoing efforts to drive the necessary changes in software security practices… Continue reading 2019 – Checkmarx Research Roundup→

How Attackers Could Hijack Your Android Camera to Spy on You

Posted on November 19, 2019 by Erez Yalon

This blog was co-authored by Pedro Umbelino, Senior Security Researcher, Checkmarx. Introduction In today’s digitally-connected society, smartphones have become an extension of us. Advanced camera and video capabilities in particular are playing … Continue reading How Attackers Could Hijack Your Android Camera to Spy on You→

Your Lenovo Watch X Is Watching You & Sharing What It Learns

Posted on February 11, 2019 by David Sopas

A friend of mine offered me a Lenovo Watch X – which costs around €60 – in return for helping him with a security project. I was impressed with the design and the quality of the watch. Of course, I also immediately wanted to test its … Continue reading Your Lenovo Watch X Is Watching You & Sharing What It Learns→