Articles

API Security Weekly: Issue #105

,

This week, we take a look at API vulnerabilities in HashiCorp Vault, Azure App Services, and more. There is also an introductory video on finding information disclosure in JSON and XML API responses, and another cheat sheet and a webinar on OWASP API Security Top 10.

Vulnerability: HashiCorp Vault

Felix Wilhelm from Google’s Project Zero has written a very detailed write-up on an authentication bypass he found in the Amazon Web Services (AWS) and Google Cloud Platform (GCP) integration of HashiCorp Vault. As a central storage of credentials, Vault makes an attractive target for attackers, and therefore a vulnerability in it is also very bad news. Looking for the silver linings, this attack was definitely quite advanced, and thus not easily exploitable.

Source de l’article sur DZONE

/par

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

, , ,

Attention WordPress users! Your website could easily get hacked if you are using « Ultimate Addons for Beaver Builder, » or « Ultimate Addons for Elementor » and haven’t recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow
Source de l’article sur The Hacker News

/0 Commentaires/par