On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8 The vulnerability was discovered internally by the F5 security team and there is no evidence of whether it’s exploited publicly. There is no publicly available proof of concept at the time of writing this blog post. Newly discovered BIG-IP vulnerability affects the following product and versions:…
Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information (FUZZ) into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or semi-computerized procedures and investigating the framework for different exemptions, for example, framework crashes or implicit code disappointment. Brief History Fuzz testing was created at the University of Wisconsin Madison in 1989 by Professor Barton…
Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working in a monitoring mode, consider creating a virtual patch Log4Shell A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact…
We all know how it’s convenient to use tools like Sentry or Datadogs for JavaScript events monitoring. It allows to catch errors in real-time, organize and manage issues resolution process, and genuinely shift left operations to developers. But Wallarm security experts warn of dangerous patterns to use such tools integrated into UI since it can cause private data-stealing from authenticated users in an almost invisible way. This article will explain how it could happen and…
Attacks against known vulnerabilities are one of the most common security risks. Have you seen an updated OWASP Top-10? A risk that used to be A09 Using Components with Known Vulnerabilities is now titled A06:2021-Vulnerable and Outdated Components. This category moved up to #06 from #9 in 2017. We highlighted this in our OWASP Top 10 2021 proposal that we published earlier this year. We all know: patch management is hard. For many reasons: backward…
Wallarm API Firewall is a free light-weighted API Firewall that protects your API endpoints in cloud-native environments with API schema validation. Wallarm API Firewall relies on a positive security model allowing calls that match a predefined API specification, while rejecting everything else. Wallarm API Firewall is available as a Docker container (with 15M+ pulls to date). You can run the API Firewall Docker container through docker-compose or in Kubernetes. For instructions on launching a sample…
