Data Breach Archives

In API Security

Slack GitHub Account Hacked via Stolen Employee API Token

January 5, 2023 3 Mins Read

On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private code repositories on December 27, but neither Slack’s primary codebase nor any customer data were included in the downloaded repositories. Upon being notified of the incident, Slack immediately invalidated…

In DevOps

Apache Solr 1,2,3,4 Kill-Chain.

May 11, 2020 6 Mins Read

One of the services Wallarm offers today are Pentest Audits. Our team has met a new challenging task at a recent project: penetration test & usage for Apache Solr V4.10.4. We want to use this blog to describe the way we have identified vulnerability & managed to execute commands with root privileges. Hope that it will help DevOps teams & sysadmins with Apache Solr deployment & to protect their data. While working on a new…

In API Security

OWASP API Top 10 Projects: Highlights and Overview

February 28, 2020 13 Mins Read

In addition to the same risks that web applications are exposed to, APIs are faced with a number of unique security risks and vulnerabilities. This blogs provides an overview of the new OWASP API Top 10 risk project.

In Researcher Corner

The hidden costs of security breaches

October 28, 2019 8 Mins Read

The real cost of a security breach to your business is larger than many imagine. On the surface there is incredible expensive to recovering from breaches. What is often also at risk is the inestimable damage to company morale, brand reputation, and operations.

In API Security

Perimeter Breaches: The attack front you’re losing

October 23, 2019 18 Mins Read

Everything is data. Defining your perimeter is nearly impossible, which makes securing it even more tricky. Old strategies are obsolete. How do we navigate and protect our boundaries in an increasingly digital world?

In API Security

WAF-Based Attacks & The Future of Security

October 18, 2019 16 Mins Read

Understand WAFs and cybersecurity. Recent WAF-based breaches with CapitalOne, Imperva, and Cloudflare offer essential lessons we can learn from where WAF technology is failing us and what can we do to improve our security.