Different attack types Archives

In API Security

GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845

June 19, 2023 6 Mins Read

This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious API clients to bypass JWT authentication through crafty manipulation of the X-HTTP-Method-Override header under specific circumstances. The importance of this issue is highlighted by the significant market share commanded by the Google Cloud Platform (GCP), reported at 11% of the global cloud market…

In API Security

Slack GitHub Account Hacked via Stolen Employee API Token

January 5, 2023 3 Mins Read

On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor any customer data were included in the downloaded repositories. Upon being notified of the incident, Slack immediately invalidated…

In API Security

New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

October 17, 2022 2 Mins Read

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since Common Texts are used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project code and published a message to this effect in the project’s mailing list on October 13th, an official date of birth of Text4Shell vulnerability. This…

In API Security

How Uber was hacked in 2022

September 16, 2022 4 Mins Read

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others. Most likely, Uber understood what had happened after this message was posted to their corporate Slack from the hacker itself: Source: https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell The community became aware of this incident from a public message posted by a hacker on…

In API Security

Two critical security flaws found in Nginx-Ingress controller

May 12, 2022 3 Mins Read

Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes Cluster. It’s also configured with Kubernetes API to deploy objects called Ingress Resources The NGINX Ingress Controller is a production-grade Ingress controller (daemon) that runs alongside NGINX Open Source or NGINX Plus instances in a Kubernetes environment. The daemon monitors NGINX Ingress resources and Kubernetes Ingress resources to…

In API Security

CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code

May 6, 2022 2 Mins Read

On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8 The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it’s exploited publicly. There is no publicly available proof of concept at the time of writing this blog post. Newly discovered BIG-IP vulnerability affects the following product and versions:…