Noname Public Service Announcement: Moveit attack involving API abuse
A recent onslaught of attacks targeting the MoveIT application have affected several US Government agencies including Department of Energy (DOE); the Oak Ridge National Laboratory (ORNL) and several State governments such as Minnesota, Missouri, and Illinois. Media coverage of the vulnerabilities (CVE-2023-34362, CVE-2023-35036, and most recently CVE-2023-35708) involving a SQL ... Read More
How API Security Can Help You Prepare For FedRAMP
Cloud companies that wish to do business with the United States federal government can only do so if they receive authorization under the Federal Risk and Authorization Management Program (FedRAMP). For a cloud service or product to get authorized through FedRAMP, its maker must demonstrate that it meets certain security ... Read More
Left of Boom: Proactive Spring4Shell Detection with the Noname API Security Platform
Introduction Between March 29th and March 31st, 2022, a zero day vulnerability was discovered in the Spring Framework, a popular framework used by Java developers. The vulnerability allowed for remote code execution (RCE) and was dubbed “Spring4Shell” (CVE-2022-22965) ... Read More
