The recent critical security issue in VMware vCenter was discovered this January and fixed on February 23rd https://www.vmware.com/security/advisories/VMSA-2021-0002.html. The exploit looks like a simple JSP shell upload, but for some reason, it’s a blind spot for Web Application Firewalls (WAFs). Let’s understand why. The CVE-2021-21972 affects vCenter versions 6.5, 6.7, and 7.0. The exploit for Metasploit released https://vulners.com/packetstorm/PACKETSTORM:161695 today. The exploit description is pretty straight forward “This module exploits an unauthenticated OVA file upload and path traversal in VMware…
Grammarly is the unicorn company that announced its open bug bounty program last September. Since that time, many security researchers…
Most of the Wallarm e-commerce customers are running WAF protection with Brute-Force attacks protection functionality
The risks involved with the operatorAliases option in Sequelize, the popular library for DBMSs
Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration.…
New critical Apache Unomi exploit was released yesterday. As an official press release says: “Apache Unomi is the industry’s first…
In the latest version of Wallarm Node, we integrated a new attack detection engine that will work with a combination…
On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues.…
This year is full of extraordinary events and cybersecurity domains are not an exception. Massive WebSocket vulnerabilities are not so…
An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new…
In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly.…