Wallarm
Category

API Security

Category
WallarmAPI Security
vulnerabilities in nginx ingress
In API Security

Two critical security flaws found in Nginx-Ingress controller

3 Mins Read

Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes Cluster. It’s also configured with Kubernetes API to deploy objects called Ingress Resources The NGINX Ingress Controller is a production-grade Ingress controller (daemon) that runs alongside NGINX Open Source or NGINX Plus instances in a Kubernetes environment. The daemon monitors NGINX Ingress resources and Kubernetes Ingress resources to…

Read More
vulnerabilities in F5 Big-IP
In API Security

CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code

2 Mins Read

On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8 The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it’s exploited publicly. There is no publicly available proof of concept at the time of writing this blog post. Newly discovered BIG-IP vulnerability affects the following product and versions:…

Read More
token blacklist preview
In API Security

OSS API Firewall Unveils new Feature: Blacklist for Compromised API Tokens and Cookies

4 Mins Read

Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid pace. Since commercial API security solutions could be really expensive for organizations, it’s never worst to have a look at open-source alternatives. The OSS API Firewall is the pioneer in this space with more than 1 billion docker pulls after the first release in October…

Read More
Update on 0 day vulnerabilities
In API Security

Update on 0-day vulnerabilities in Spring (Spring4Shell and CVE-2022-22963)

2 Mins Read

Quick update There are two vulnerabilities: one 0-day in Spring Core which is named Spring4Shell (very severe, exploited in the wild no CVE yet) and another one in Spring Cloud Function (less severe, CVE-2022-22963) Wallarm has rolled out the update to detect and mitigate both vulnerabilities No additional actions are required from the customers when using Wallarm in blocking mode When working in a monitoring mode, consider creating a virtual patch Spring4Shell Spring Framework is…

Read More
5 things you must know about Log4Shell
In API Security

5 things you must know about Log4Shell

2 Mins Read

This is the largest vulnerability we have seen in years. You may still be vulnerable even if your project is not based on Java. Many tech stacks are vulnerable because so many tools use the Log4js including infrastructure, dev-tools, and CI/CD products. Log4Shell will be here for a while. Log4j is a basic core component that is already in use in many products, including network devices, management consoles, and enterprise software and hardware. They just…

Read More
Log4j 0day mitigation update CVE-2021-44228
In API Security

Log4j 0day mitigation update CVE-2021-44228

2 Mins Read

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working in a monitoring mode, consider creating a virtual patch Log4Shell A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact…

Read More