Category

Network Security

Category
WallarmNetwork Security
how uber was hacked in 2022
In API Security

How Uber was hacked in 2022

4 Mins Read

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others.  Most likely, Uber understood what had happened after this message was posted to their corporate Slack from the hacker itself: Source: https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell The community became aware of this incident from a public message posted by a hacker on…

Read More
gitlab vulnerabilities
In API Security

Three new API exploits causes GitLab data privacy and availability issues

4 Mins Read

On May 10, 2022, and May 11, 2022, CVE-2022-1352 CVE-2021-1431, and CVE-2022-1545 were fixed and published on Gitlab-ORG public repository. There are no technical details or exploits yet, but according to the high-level description and titles, they gonna be critical Gitlab API vulnerabilities that affect data privacy and service availability.  Two of these security issues were reported by the HackerOne bug bounty program, but reports are not disclosed to the public yet. We recommend checking…

Read More
F5 Big-IP vulnerabilities
In API Security

CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code

2 Mins Read

On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8 The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it’s exploited publicly. There is no publicly available proof of concept at the time of writing this blog post. Newly discovered BIG-IP vulnerability affects the following product and versions:…

Read More
Host based authentication
In Network Security

SSH Host Based Authentication

6 Mins Read

IntroductionAre you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identity verification method applies to all the users. Do not know much about this method? No worries. Detailed insights about the host-based process are provided the next. A Quick Glimpse of Host-Based Authentication By definition, it…

Read More
ip stresser tool
In Network Security

Best IP Stresser Tool

13 Mins Read

Introduction Testing the restriction of your Web laborer incorporates pushing legitimately greater measures of traffic to it. You can either get delivered traffic or catch as of late experienced traffic and replay it at a higher concurrence than truly happened. There are organizations that can give load testing traffic to you. You should play out the extent of circumstances. Weight testing isn’t just about checking whether your Web specialist can deal with affiliation requests at…

Read More
Log4j 0day mitigation update CVE-2021-44228
In API Security

Log4j 0day mitigation update CVE-2021-44228

2 Mins Read

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working in a monitoring mode, consider creating a virtual patch Log4Shell A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact…

Read More