BreakingFormation: API Vulnerability in the AWS CloudFormation API

BreakingFormation: API Vulnerability in the AWS CloudFormation API

|
On January 13th, researchers from Orca Security published a vulnerability found in the AWS CloudFormation API, a service that helps users model and set up their AWS resources. The vulnerability allowed the researchers to get file and credential disclosure primitives on an internal AWS service and leverage these to leak ... Read More
Active Testing: Runtime Detection for Log4j Vulnerability in APIs

Active Testing: Runtime Detection for Log4j Vulnerability in APIs

|
As mentioned in an earlier blog post, the Log4j vulnerability poses new risks to APIs. APIs are both a new attack vector for this exploit and attackers can extend their reach via APIs ... Read More
Log4j Vulnerability: APIs Causing Massive Risk Exposure

Log4j Vulnerability: APIs Causing Massive Risk Exposure

|
Security teams around the globe are scrambling to address the Apache Log4J2 vulnerability (CVE-2021-44228), dubbed “Log4Shell”, which can be easily exploited to take control of vulnerable systems remotely. At the same time, hackers are actively scanning the internet for affected systems. The United States Cybersecurity and Infrastructure Security Agency issued ... Read More