Category

Network Security

Category

On May 10, 2022, and May 11, 2022, CVE-2022-1352 CVE-2021-1431, and CVE-2022-1545 were fixed and published on Gitlab-ORG public repository. There are no technical details or exploits yet, but according to the high-level description and titles, they gonna be critical Gitlab API vulnerabilities that affect data privacy and service availability.  Two of these security issues were reported by the HackerOne bug bounty program, but reports are not disclosed to the public yet. We recommend checking…

On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8 The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it’s exploited publicly. There is no publicly available proof of concept at the time of writing this blog post. Newly discovered BIG-IP vulnerability affects the following product and versions:…

Introduction Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identity verification method applies to all the users.  Do not know much about this method? No worries. Detailed insights about the host-based process are provided the next. A Quick Glimpse of Host-Based Authentication…

Introduction Testing the restriction of your Web laborer incorporates pushing legitimately greater measures of traffic to it. You can either get delivered traffic or catch as of late experienced traffic and replay it at a higher concurrence than truly happened. There are organizations that can give load testing traffic to you. You should play out an extent of circumstances. Weight testing isn’t just about checking whether your Web specialist can deal with affiliation requests at…

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working in a monitoring mode, consider creating a virtual patch Log4Shell A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact…

Security probably would not be too interesting to you at all if you were a liquor store, restaurant, or work in similar sectors of the economy. However, security should definitely be a front-row concept if you are a start-up in the technology space or a business that depends on technology for success. Generally, suppose you are running a B2B (Business to Business) organization or a B2C (Business to Consumer) where you have to interact with…