New Wiz Partnership Provides Full Visibility, Context, and Control of all Your Cloud APIs

We are all excited about our new strategic partnership with Wiz. Our latest integration gives corporate information security teams unprecedented visibility and control of the APIs scattered across their entire cloud estate. Wiz is the fastest-growing software company in the world for good reason. Their cloud-native, agentless platform connects in ...
Two New RCE Vulnerabilities in Spring

Between March 29th and March 31st, 2022, two new zero-day vulnerabilities were discovered in the Spring Framework, a popular framework used by Java developers. Both vulnerabilities allow for remote code execution (RCE), although the more recent one, called “Spring4Shell,” is by far the more severe of the two and ...
Coinbase Fixes Vulnerable API that Let You Sell Bitcoin You Didn’t Own

On Friday, February 11th, 2022, a security researcher (Tree_of_Alpha on Twitter) discovered a flaw in Coinbase’s new Advanced Trading feature that allowed users to sell cryptocurrencies without owning them. According to the Coinbase blog, the flaw was resolved in a matter of hours without any malicious exploitation. And Coinbase paid ...
BreakingFormation: API Vulnerability in the AWS CloudFormation API

On January 13th, researchers from Orca Security published a vulnerability found in the AWS CloudFormation API, a service that helps users model and set up their AWS resources. The vulnerability allowed the researchers to get file and credential disclosure primitives on an internal AWS service and leverage these to leak ...
Active Testing: Runtime Detection for Log4j Vulnerability in APIs

As mentioned in an earlier blog post, the Log4j vulnerability poses new risks to APIs. APIs are both a new attack vector for this exploit and attackers can extend their reach via APIs ...
Log4j Vulnerability: APIs Causing Massive Risk Exposure

Security teams around the globe are scrambling to address the Apache Log4J2 vulnerability (CVE-2021-44228), dubbed “Log4Shell”, which can be easily exploited to take control of vulnerable systems remotely. At the same time, hackers are actively scanning the internet for affected systems. The United States Cybersecurity and Infrastructure Security Agency issued ...

Secure Guardrails