Azure CLI Code Injection CVE-2022-39327 hits 9.8/10 CVSS score
The most recent Azure CLI Code Injection vulnerability is a rare and dangerous case. It’s not often that the most popular cloud platform client is vulnerable to an issue as critical as code injection. Regardless of the overall high risk that injections carry in the OWASP Top 10 and OWASP API Security Top 10, code ...
Three new API exploits cause GitLab data privacy and availability issues
On May 10, 2022, and May 11, 2022, CVE-2022-1352, CVE-2021-1431, and CVE-2022-1545 were fixed and published in the Gitlab-ORG public repository. There are no technical details or exploits yet, but according to the high-level descriptions and titles, they are going to be critical GitLab API vulnerabilities that affect data privacy and service availability. ...
Two critical security flaws found in Nginx-Ingress controller
Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes cluster. It’s also configured through the Kubernetes API to deploy objects called Ingress Resources. The NGINX Ingress Controller is a production-grade Ingress controller (daemon) ...
CVE-2022-1388: Critical security vulnerability in F5 BIG-IP allows attackers to execute arbitrary code
On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8. The vulnerability was discovered internally by the F5 security team, and there is no evidence so far that it is being exploited publicly. There ...
OSS API Firewall Unveils new Feature: Blacklist for Compromised API Tokens and Cookies
Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid pace. Since commercial API security solutions can be really expensive for organizations, it never hurts to have a look at ...
Log4j 0day mitigation update CVE-2021-44228
Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from customers. Attempts at exploitation will be automatically blocked in blocking mode. When working in monitoring mode, consider creating a virtual patch. Log4Shell: a 0-day exploit in the Java core library ...