Different attack types
GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845
This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious ...
Slack GitHub Account Hacked via Stolen Employee API Token
On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to ...
Best of 2022: New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889
Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since ...
How Uber was hacked in 2022
What happened? The first information about the incident was issued yesterday, September 15th, 2022. We know that a hacker called “Tea Pot” successfully accessed Uber infrastructure and critical cloud services such as ...
Two critical security flaws found in Nginx-Ingress controller
Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes Cluster. It’s also configured with ...
CVE-2022-1388: Critical security vulnerabilities in F5 Big-IP allows attackers to execute arbitrary code
On May 5, 2022, MITRE published CVE-2022-1388, an authentication bypass vulnerability in the BIG-IP modules affecting the iControl REST component. The vulnerability was assigned a CVSSv3 score of 9.8 The vulnerability was ...
What Is Local File Inclusion Vulnerability?
Introduction This article clarifies what nearby record consideration (LFI) weaknesses are, including the way assailants can take advantage of them on weak web applications and what safe coding practices can assist you ...
Log4j 0day mitigation update CVE-2021-44228
Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from the customers Attempts at exploitation will be automatically blocked in a blocking mode When working ...
What is a Logic Bomb?
Cyber-attacks have become a norm these days as many as 4,000 attacks are happening every day, alone in the US. Bad actors have ample ways to target it’s the victim and the ...
Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware
We all know how it’s convenient to use tools like Sentry or Datadogs for JavaScript events monitoring. It allows to catch errors in real-time, organize and manage issues resolution process, and genuinely ...
