Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report
The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents. As we have done in previous years, the State of API Security Report is assembled from survey responses and empirical data from Salt customers. This report ... Read More
CVE-2023-34362 — Zero-Day Vulnerability Discovered in MOVEit Transfer is Exploited in the Wild by Cl0p Ransomware — Here’s What You Need to Know
On May 29, 2023, a critical security vulnerability, identified as CVE-2023-34362, was published, leaving users of MOVEit Transfer software at high risk. According to Progress, organizations have reported possible exploitation in the wild. Therefore it’s crucial that any business using MOVEit Transfer takes immediate action, especially since all versions ... Read More
Latest State of API Security report: 400% increase in attackers and more!
The latest Salt Labs State of API Security report is out, and we’re excited to share with you some of the key findings. The security industry news has frequently covered high-profile application programming interface (API) breaches over the past few years, so it’s no surprise that our research found that ... Read More
Spring4Shell – What Happened, Who’s Vulnerable, and How to Mitigate
The newly discovered vulnerability in the popular Java Spring framework, dubbed Spring4Shell, is all over the cyber news feeds today. Here, the Salt Labs team looks to clear up some confusion, explain what Spring4Shell really is, share who might be impacted, and offer tips for mitigating your risk. (Note, a ... Read More
OpenSSL Vulnerability Analysis — Denial of Service and Remote Code Execution
In today’s post, we provide insights regarding two new vulnerabilities that have been uncovered in the OpenSSL library — CVE-2022-3602 and CVE-2022-3786. These vulnerabilities affect OpenSSL versions 3.0.0 — 3.0.6 but have been patched in the recent version 3.0.7. Both have been rated HIGH severity. However, of the two, CVE-2022-3602 ... Read More
API Security Incidents Nearly Universal Finds Latest “State of API Security” Report
It’s no secret that APIs are at the core of every modern application, and that makes them an enormously enticing attack target. Unfortunately, most organizations are unprepared to protect this ever-expanding attack surface, according to findings from the fourth edition of the Salt Labs pioneering “State of API Security” report ... Read More
API Threat Research: Server-side Request Forgery on FinTech Platform Enabled Administrative Account Takeover
Incident Synopsis: The Salt Labs team helps customers and prospects discover vulnerabilities in their APIs. In this case, we investigated the platforms of a large US-based FinTech company. This company offers a “digital transformation” service for banks of all sizes, allowing them to switch many of their traditional banking services to ... Read More
Companies are Struggling Against a 681% Increase in API Attacks, the Latest “State of API Security” Report Shows
Salt Security today released the latest findings of its bi-annual report on API security trends. Over the past 12 months, attack traffic grew at nearly twice the rate of non-malicious traffic. Empirical data from the Salt Security SaaS cloud platform shows a 681% increase in attack traffic compared to a ... Read More
Understanding the Coinbase API Vulnerability
This past Saturday, the Twitter account “Tree_Of_Alpha” posted a very interesting tweet regarding a security flaw he “accidentally” found in Coinbase. Tweets like this one have long become very popular, and with so many vulnerability discoveries shared, this post could have easily been missed. However, this case was indeed special. First, ... Read More
API Threat Research: Elastic Stack Misconfiguration Allows Data Extraction
Incident Synopsis: Salt Labs researchers investigated a large business-to-consumer (B2C) online platform that provides API-based mobile applications and software as a service to millions of users globally. As a result of API vulnerabilities our researchers identified in the Elastic Stack implementation, they were able to launch attacks where: any user could ... Read More