Category

Researcher Corner

Category
WallarmResearcher Corner
In API Security

Octopus Strike! Three Argo CD API Exploits In Two Weeks

2 Mins Read

Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks, three critical vulnerabilities have been detected in the tool, exposing sensitive information and compromising the security of the system. In this article, we will discuss the three vulnerabilities and their impact on the system, as well as the patches and workarounds available. Let’s dive into it! The first vulnerability (CVE-2023-22736)…

Read More
In API Security

Slack GitHub Account Hacked via Stolen Employee API Token

2 Mins Read

On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor any customer data were included in the downloaded repositories. Upon being notified of the incident, Slack immediately invalidated…

Read More
In API Security

What ChatGPT know about API Security?

3 Mins Read

There is no doubt that you heard about and seen the latest OpenAI’s brilliant called ChatGPT. It can write poems, speak many languages, answer questions, play chess, make code and impress everyone. In this post, we show a few more of how this AI model is good in cybersecurity, in particular in API Security implementations. ChatGPT is a natural language processing (NLP) model that uses large amounts of data to generate human-like responses to chat…

Read More
In API Security

Q3-2022 API ThreatStats™ Report

2 Mins Read

The latest quarterly review and analysis of API vulnerabilities and exploits is in. Our initial take had us thinking it was smooth sailing for the state of API vulnerabilities in Q3—or was it just a lull in the storm? As it turns out, it’s neither. Read on to learn more about Wallarm’s analysis of API vulnerabilities in Q3-2022—and be sure to attend our upcoming webinar on Thursday, November 10 at 11 AM PT where we’ll…

Read More
In API Security

New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

1 Min Read

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since Common Texts are used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project code and published a message to this effect in the project’s mailing list on October 13th, an official date of birth of Text4Shell vulnerability. This…

Read More
how uber was hacked in 2022
In API Security

How Uber was hacked in 2022

2 Mins Read

What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as AWS, Slack, Google Workspace, and others.  Most likely, Uber understood what had happened after this message was posted to their corporate Slack from the hacker itself: Source: https://www.theverge.com/2022/9/16/23356213/uber-hack-teen-slack-google-cloud-credentials-powershell The community became aware of this incident from a public message posted by a hacker on…

Read More