We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat landscape, has garnered industry-wide recognition. This accolade reaffirms Wallarm's position at the forefront of cybersecurity innovation, empowering businesses with confidence and resilience. "At Wallarm, we are not just keeping up with current cyber threats – we're setting the standard for proactiv ..read more

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 (critical), the vulnerability represents a significant threat as it exposes numerous websites to potential attacks. The heart of the problem resides in a SQL injection vulnerability, a flaw that allows malicious actors to inject and execute harmful SQL queries directly into the affected WordPress databases without the need for authenti ..read more

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we encourage you to download the full report, here are some key observations about what you’ll find within. API threats to AI applications are clearly on the rise In Q1, we saw three potentially damaging, highly concerning potential exploits targeting APIs leveraged by AI applications. While the number may no ..read more

Wallarm introduced its ongoing Open Source API Firewall project to the world at the recently concluded Blackhat Asia 2024 conference in Singapore. The open-source API Firewall by Wallarm is a free, lightweight API Firewall designed to protect REST and GraphQL API endpoints across cloud-native environments using API schema validation. By relying on a positive security model, our API Firewall only allows calls that match a predefined API specification while rejecting everything else. At the event, our in-house expert Nikolay Tkachenko (Research Engineer @ Wallarm) showcased the latest developmen ..read more

A severe command injection vulnerability in the GlobalProtect Gateway feature of PAN-OS versions 10.2, 11.0, and 11.1 underscores the critical importance of API security in devices at the frontline of network connections. This vulnerability, identified as CVE-2024-3400, allows unauthorized users to execute commands as the system administrator, significantly threatening the security of critical infrastructure. The issue, rated with the maximum severity score of 10 out of 10, was discovered during routine operations and specifically affects systems with both GlobalProtect gateway and device tele ..read more

APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that stand out are SOAP (Simple Object Access Protocol) and Representational State Transfer (REST) APIs. Due to their inherent complexity and the dynamic nature of software ecosystems, common vulnerabilities include inadequate authentication mechanisms and injection attacks such as SQL injection or cross-site scripting (XSS). At Wallarm, we've been addressing API leaks for years, gaining deep insights into their c ..read more

Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step forward in its mission to ensure user safety, security and data integrity. Recognizing the critical importance of robust API security in today’s digital age, Spoutible is excited to announce a strategic partnership with Wallarm, a leader in API and Application security. "Wallarm is already integrated at Spoutible, enhancing API security while reinforcing the company’s overall security posture." Christopher Bouzy, CEO Spoutib ..read more

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital landscape has evolved into a behemoth of sorts as the number of online attacks targeting individuals, businesses, and governments has risen steadily. And it’s not just money and cryptocurrencies they’re after. Customer or user data has evolved into a powerful tool for businesses to make crucial decisio ..read more

All industries are at risk of credential stuffing and account takeover (ATO) attacks. However, some industries are at a greater risk because of the sensitive information or volume of customer data they possess. While cyber-attacks come in all forms and techniques, credential stuffing involves an interconnected network where cyber criminals access critical customer information from one site and then go on to launch account takeover (ATO) attacks on different sites by stuffing information into login fields and password retrieval forms. Account takeover and fraud can directly result from success ..read more

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.” - Tim Cook, CEO of Apple Inc. The entire digital landscape has evolved into a behemoth of sorts as the number of online attacks targeting individuals, businesses, and governments has risen steadily. And it’s not just money and cryptocurrencies they’re after. Customer or user data has evolved into a powerful tool for businesses to make crucial decisio ..read more