API Threat Research: GraphQL Authorization Flaws in Financial Technology Platform

Incident Synopsis: Salt Labs researchers investigated a large business-to-business (B2B) financial technology (FinTech) platform that offers financial services in the form of API-based mobile applications (apps) and software as a service (SaaS) to small and medium-sized businesses (SMB) and commercial brands. As a result of API vulnerabilities that our researchers identified, ...
API Threat Research: Detailed Financial Records Exposed on Financial Services Platform

Incident synopsis: Salt Labs researchers investigated a large financial institution’s online platform that provides API services to thousands of partner banks and financial advisors. As a result of multiple API vulnerabilities, our researchers were able to launch attacks where: any user could read the financial records of any customer; any user could delete any ...
The Log4Shell CVE-2021-44228 Vulnerability: What it is, how it works, and how to protect yourself

News of the recently discovered vulnerability called “Log4Shell,” “LogJam,” or its formal designation “CVE-2021-44228” has deservedly earned widespread attention because of its prevalence and the severity of the risk. Initially reported by Chen Zhaojun of Alibaba Cloud Security Team, it was quickly known to affect some of the biggest services ...

API Attacks up 348% in Six Months, per Latest “State of API Security” Report

The data makes it clear: more companies are suffering more API attacks than ever, and companies remain as ill-prepared as ever. The Salt Labs team today released the latest edition of the pioneering “State of API Security” report. The data, drawn from a combination of survey responses and empirical data from ...