Product Changelog

Wallarm has added rules for detecting exploitation of a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server (CVE-2023-22527). The vulnerability allows an unauthenticated attacker to inject OGNL expressions into the Confluence instance and, thus, execute arbitrary code in the system. Since the nuclei template for vulnerability detection was published, we have observed multiple scanning attempts in client infrastructure. 

We highly recommend upgrading the Confluence Data Center and Server as soon as possible. If your confluence installation is exposed to the Internet, we highly recommend detaching the system from the Internet as soon as possible and checking the server for malicious Indicators-of-Compromise. 

Wallarm clients can also utilize and configure the platform's Virtual Patch functionality to block the exploitation attempts if nodes are configured in monitoring (not-blocking) mode. 

References:

NVD NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-22527 

Vendor’s Advisory: https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html

Vendor’s FAQ: https://confluence.atlassian.com/kb/faq-for-cve-2023-22527-1332810917.html

Nuclei Template: https://github.com/projectdiscovery/nuclei-templates/pull/8982?ref=blog.projectdiscovery.io 

We're thrilled to unveil a new feature in our API Security platform, the ability to receive notifications about detected Shadow, Zombie, and Orphan APIs. 

These Rogue APIs pose a significant risk to your organization. They could be Shadows hiding in plain sight, Zombies consuming resources, or Orphans left unattended. Rogue APIs can expose sensitive data, hog bandwidth, and leave your application vulnerable.

 Starting now, you can receive notifications about the newly detected Rogue APIs directly in your SIEM, SOAR, Log management system, or even your favorite messaging app. In each notification you can find all the necessary information, like the API host where the threat was spotted, the API specification used, and more.

Stay one step ahead of potential threats with our Rogue API Notifications feature! Your APIs deserve the best defense, and we're here to deliver.

You can find more information about this functionality in our documentation.

We've got some exciting news that's easy on the eyes – literally! Say hello to our brand new Dark Theme feature, a sleek and comfortable visual option now available in Wallarm. We know those long hours spent safeguarding digital realms can be tough on your eyes, so we've designed this theme with you in mind. It's not just about the cool, modern look; it's about reducing eye strain and making your experience with our product more comfortable, especially during those late-night monitoring sessions.

Simply click on your user profile icon in the upper right corner of the user interface to switch between light and dark themes. The Dark Theme offers a visually appealing interface with subtle contrasts and dark tones, significantly reducing screen glare. We believe this small change can make a big difference in your daily routine, enhancing focus and reducing fatigue. As always, your feedback is invaluable – let us know how this new feature works for you.

Wallarm has added rules for detecting exploitation of a Remote Code Execution vulnerability in Apache Struts2 (CVE-2023-50164). Wallarm clients are now able to observe any detected exploitation attempts by searching for CVE-2023-50164 in the Events/Attacks section.

About the vulnerability

This vulnerability exists in the framework’s handling of file upload parameters which can be abused to upload a malicious file, such as a web shell. Successful exploitation provides the ability to execute arbitrary code on the server. The vulnerability has a 9.8 CVSS Score (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 

The vulnerability can be exploited by unauthenticated, remote attackers and doesn’t require advanced technical knowledge. Public exploits for the vulnerability have been published on GitHub (exploit#1 and exploit#2).

Due to the prevalence of the Apache Struts2 framework across enterprise infrastructure and its public exposure on Internet-facing web servers, the vulnerability is being actively exploited and has received significant attention in the cybersecurity community. Just days after publishing, it became clear that this vulnerability would be one of the most popular and noticeable vulnerabilities of the year. 

It is highly recommended that organizations update the Apache Struts2 framework as soon as possible (vulnerable versions range from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0). 

In the realm of cybersecurity, the struggle is intrinsically imbalanced. Attackers need only to find a single weak point to compromise defenses, often using automated tools to pinpoint critical vulnerabilities quickly. This highlights the need for security teams to anticipate threats from a hacker's perspective and proactively anticipate and prepare for potential threats.

We are excited to introduce API Attack Surface Management (AASM), a revolutionary set of capabilities designed to empower organizations to enumerate, assess, and manage the public-facing aspects of their APIs. AASM addresses the unseen risks associated with the proliferation of APIs in modern application delivery and integration, including the risks of API leaks.

API leaks pose a significant security risk, potentially exposing sensitive information and leading to data breaches. Wallarm proactively safeguards against such risks by detecting and alerting on API secrets inadvertently leaked across public platforms like GitHub, Postman collections, SwaggerHub, and more. As an integral component of the Wallarm App and API Security platform, AASM can strengthen your security and allow you to easily block detected leaks using WAAP or the Advanced API Security solution. 

The addition of API Attack Surface Management in Wallarm’s portfolio represents a significant advancement for our customers, fortifying their security infrastructure against evolving API threats. Experience these new capabilities firsthand by requesting a trial today.

We're excited to announce a significant update in our interface that will make your experience smoother and more intuitive. As the Wallarm platform has grown and evolved, the number of features available has reached a point where navigation can be challenging. We’ve listened to your feedback, and it's with great pleasure that we unveil our redesigned left menu, tailored to specific use cases and streamlined for ease of use.

With this update, you can focus on what's important without losing quick access to the full range of platform capabilities. The new menu is designed to guide you effortlessly to the tools and information you need, when you need them, enhancing your productivity and user experience.

For our customers with basic subscriptions, we're offering a simple way to request a free trial of Advanced API Security. This is your opportunity to explore additional features such as API Discovery, API Abuse Prevention, Automatic BOLA Protection, and API Security Testing. Gain full access to our platform's functionality without the need to install any additional components in your infrastructure.

We're committed to continuously improving and adapting our platform to meet your needs. That's why your input is invaluable and we would be delighted if you share your impressions of these changes using emojis under this post or send us your feedback.

This in-depth Q3’2023 API ThreatStatsTM report emphasizes the need for immediate strategic actions for cybersecurity practitioners to combat sophisticated emerging threats. The API ThreatStatsTM report highlights vulnerabilities not captured by traditional benchmarks frameworks like the OWASP API Top 10. While these frameworks are invaluable, they are not exhaustive.
At Wallarm, we advocate for a dynamic, real-time approach to identifying severe threats that static frameworks might miss.

Key Findings:

• 239 API vulnerabilities discovered in this past (Q3) quarter.
• 33% associated with AuthZ, AuthN and Access Control (AAA) issues.
• Breaches suffered by leading global companies highlighted in the report underscores
  the essential role of API leak prevention within corporate security planning.

Practical Steps & Actionable Recommendations 

1. Thoroughly review the Q3’2023 ThreatStats report, focusing on major API security concerns and highlights.
2. Investigate potentially overlooked CVEs relevant to your environment.
3. Start by using the OWASP API Top 10 as a foundational benchmark.
4. Prioritize and act on the pivotal findings presented in the Wallarm ThreatStats report.

Leverage Wallarm's Expertise: 

Utilize our tools and research for a comprehensive API security approach. Access detailed insights from our full Q3’2023 API Security ThreatStatsTM report or read the key highlights in the Executive Summary. Also, for personalized guidance, engage with one of Wallarm’s seasoned security experts.

We're excited to announce that Wallarm OpenAPI Security Testing is now available!

Our new solution allows you to perform dynamic vulnerability testing of APIs based on OpenAPI Specifications. Customers can use the API specification discovered with API Discovery or upload one of their own. This new testing capability is designed for easy integration via Docker, and with flexible testing policies to maximize effectiveness. Users can integrate testing directly into their CI/CD pipeline. Within the testing policies, users can configure the list of endpoints to be tested and specific vulnerabilities to be assessed in APIs, authorization, and other metadata. The test report contains information about which endpoint contains which vulnerability, including a sample request for manual validation. 

We’re excited for customers to extend their Wallarm use cases with this testing feature that allows you to more effectively eliminate API vulnerabilities from your environment. More information is available in the documentation. 

We are happy to introduce the Wallarm NGINX Ingress Controller with ARM64 support. As ARM64 architecture continues to gain prominence in server solutions, we are committed to staying at the forefront of technology to meet the evolving needs of our customers.

ARM64 architectures offer energy-efficient performance, helping organizations optimize capacity, cut compute costs, and modernize their API operations. To meet the rising demand for API security, customers seek ARM64-compatible solutions, ensuring uniform security protocols across diverse setups. Adopting a single security platform which covers both traditional x86 and ARM64 architectures lets organizations adapt to evolving needs while strengthening protection.

With Wallarm NGINX Ingress Controller now supporting ARM64 architecture, we are aligning with industry adoption and empowering our customers to leverage this cutting-edge technology for enhanced security in their API environments.

Feel free to talk with Wallarm's security experts if you'd like to learn more.

We're excited to announce that Wallarm node 4.8 is now available!

The new node’s version contains significant enhancements to our DenyList functionality, a very effective defensive measure against high-volume attacks (e.g., brute-force, path traversal, bot attacks, etc.).

In pursuit of enhancing usability and understanding of attack profiles, we gather detailed statistics about all blocked packets. Now, you can analyze not only the initial packets that led to the blocking of a particular source, but you can also see the total number of packets blocked after a source has been added to the DenyList.

This improvement will allow you to evaluate the power of attacks and more accurately analyze event statistics by various parameters. To provide a better perspective of each attack, examples of blocked packets will be preserved for every incident.

We believe this functionality will serve as a powerful tool in understanding and combating high-volume attacks. 

You can find more information about this functionality in our documentation.