We’re releasing a major improvement to our Advanced API Security solution: enhanced detection of GraphQL-specific attacks. This new Wallarm capability allows users to configure customized GraphQL security policies, limiting query complexity to prevent undue resource consumption or performance degradation. It also includes measures to limit excessive disclosure of information about the structure of your GraphQL APIs. This update ensures that security teams have complete control over their modern API estate and can swiftly respond to emerging threats.

To use GraphQL security policies, you must update your Wallarm node to the latest version (4.10.4 or above). You can find more detailed information about this feature in our documentation.

At Wallarm, we love customer feedback and based on that feedback we’ve made a few improvements to the details we show for API endpoints in the API Discovery interface. Wallarm’s API Discovery capability provides a complete inventory of your APIs and endpoints, along with security posture assessment and details about the supported parameters and headers seen in requests. We’ve enhanced the details displayed with the following improvements. 

Response Schema (requires node 4.10.2)

In deployments where Wallarm can collect responses, we now parse and display the parameters discovered in responses in addition to those discovered in the requests, giving you greater visibility into how your APIs and endpoints interact. 

Sensitive Data Detection in Responses (requires node 4.10.2)

We’re applying the same logic for identifying parameters that expose sensitive data to the response parameters as we do for the request parameters, expanding your ability to identify where sensitive data is used in your APIs.

Improved Display of Headers

For usability, we previously filtered out some headers from display. We’ve now updated the UI to separate headers and other parameters into collapsible lists so that we can easily display all the headers without compromising usability.

For more information about the details provided in API Discovery, see the documentation. 

We are excited to announce the release of the latest update to Wallarm Node, version 4.10.4, which is now available for installation.

This update includes several performance improvements that enhance your overall experience with our software.
Key updates in this version include:

• Added support for API Specification Enforcement (Coming Soon!)
• Added support for GraphQL API Protection (Coming Soon!)
• Added support for NGINX v1.25.4

Previous updates 4.10.3 and 4.10.2 introduced:

• Internal improvements for higher reliability and security, including better synchronization between the filtering node and Wallarm Cloud, and reducing overall node memory usage.

• Fixed vulnerabilities:

  • CVE-2021-43809
  • CVE-2023-48795

We have also upgraded 4.8.9 performance for Nginx Ingress reducing CPU resources consumption by half.

These changes reflect our ongoing commitment to quality and customer satisfaction.

For detailed information and instructions, please refer to our documentation.

We've updated the Wallam platform to support filtering for 282 additional known vulnerabilities in the Attacks section.

When Wallarm detects an attack, the platform attempts to identify whether the attack is attempting to exploit a known vulnerability (CVE) in a specific software component. The decision is made based on the request structure, malicious payload, parameter names, metadata, and more. The updates released in Q1 2024 included new attribution rules for 282 vulnerabilities (CVEs), the majority of which are notable, recent, or widely exploited vulnerabilities observed among all Wallarm traffic. 

Wallarm users are able to find exploitation attempts of a specific vulnerability by simply typing the CVE identifier in the “CVEs and Exploits” search field in the Attacks section of the Wallarm Console.

Searching for a specific vulnerability allows users to identify attacks on their infrastructure using recently published exploits. It may also be useful for conducting a retrospective analysis during the incident investigation process.

The following example demonstrates searching for exploitation of Auth Bypass in TeamCity (CVE-2024-27198).

As of this update, Wallarm users are currently able to search for 1505 vulnerabilities.

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th.The advisory from Palo Alto is here. The CISA advisory is here. Palo Alto has marked this vulnerability as critical and NVD has scored it a 10.0 with CVSSv3. 

Wallarm currently detects attacks against this vulnerability with no additional configuration required. Wallarm will block these attacks as long as the filtering nodes are configured in blocking mode. Wallarm users who have protected their Palo Alto devices with Wallarm nodes can search for these attacks either by filtering for the CVE ID using the “CVEs and Exploits” filter or by filtering for their vulnerable Palo Alto devices and the attack type “RCE.” 

Customers can also search their Palo Alto logs for requests to /api with an XML body containing <cmd code="ping">. 

In March, Wallarm issued a significant update of our detection rules for multiple attack types. The most impactful improvements were aimed at detection of Remote Code Execution, Local File Exclusion, Server Side Template Injections and Command Injection attacks.

In addition, new indicators of Out-of-Band (OOB/OAST) attack techniques were added to the product.

The update also included detection of the critical, widely-exploitable vulnerabilities listed below:

• Server-Side Request Forgery in NextJS
• Auth Bypass in TeamCity (CVE-2024-27198)
• Auth Bypass in TeamCity (CVE-2024-27199)
• Arbitrary File Read Vulnerability Leading to RCE in Jenkins (CVE-2024-23897)
• Authentication Bypass in Fortra GoAnywhere MFT (CVE-2024-0204)
• OS Command Injection in MajorDoMo  (CVE-2023-50917)
• Account Takeover via Password Reset in GitLab (CVE-2023-7028)
• Remote Code Execution in Apache OFBiz (CVE-2023-51467)
• Adobe ColdFusion WDDX Deserialization Gadgets (CVE-2023-44353)
• Adobe ColdFusion Pre-Auth RCE (CVE-2023-29300)
• Remote Code Execution in Juniper(CVE-2023–36845)
• Authentication Bypass in Ivanti ICS (CVE-2023-46805)

We highly recommend that customers validate whether these components are used in their infrastructure and update them to the latest versions.

We’ve updated Wallarm’s user management function with the ability to invite a new user via an invitation link. This new capability allows administrators to produce an invitation link that can be shared with unregistered users so they can sign up for their specific client. 

If provided, the link will populate the user’s email address automatically, and create a user within the client once the new user has submitted their name and password. Additionally, the link can be set with an expiration time and specific user role as well. The invite by link functionality is also available via the Wallarm API for automation use cases. 

We are excited to introduce our latest new feature: NIST CSF 2.0 Dashboards for the Wallarm platform. These dashboards offer a high-level overview of Wallarm security controls that comply with the NIST CSF version 2.0, empowering teams to effectively assess the security level of their APIs. Utilizing the NIST Cybersecurity Framework, our product now delivers comprehensive insights into your security posture, aligning with industry standards and best practices. This feature is designed to guide you through identifying, protecting, detecting, and responding to cybersecurity threats, ensuring a resilient infrastructure. Leverage this new dashboard to assess and improve your API and application security controls.

You can find more detailed information about this feature in our documentation.

Following a successful release of our 4.10 node including several version upgrades and a real-time credential stuffing detection, we are now excited to announce the first update.

This update addresses a number of minor vulnerability findings related to our Docker image and provides support for future feature releases. In this node update, the following vulnerability findings were addressed: CVE-2020-36327, CVE-2023-37920, CVE-2021-41816, CVE-2021-33621, CVE-2021-41819, CVE-2021-41817, CVE-2020-14343, CVE-2021-31799, CVE-2021-28965, CVE-2023-28755, CVE-2020-25613

For detailed information and instructions, please refer to our documentation.

In the ever-evolving landscape of cybersecurity, we're thrilled to announce an addition to the Wallarm arsenal: Credential Stuffing detection. Criminals are deploying automated bots using stolen credentials that aim to exploit overlapping logins across services. Users' tendency to reuse passwords makes businesses susceptible to this type of unauthorized access, fraud, and trust erosion. As digital footprints expand, defending against Credential Stuffing is now a business imperative.

Wallarm offers multiple means to detect credential stuffing, including detection of brute force attempts and behavioral detection with API Abuse Prevention. The new credential stuffing detection feature gives security analysts even more control. Every instance of a known-compromised credential in use can now be spotted. Users can: 

• Configure specific authentication endpoints for credential stuffing monitoring.
• Leverage recommendations from API Discovery to automatically identify endpoints used for authentication. 
• Configure triggers and notifications for credential stuffing events.

Wallarm, supported by a massive database of over 850 million compromised passwords, helps organizations quickly identify when user accounts have been compromised. This new feature expands Wallarm’s ability to protect against credential stuffing.

As businesses expand their online footprint, encompassing both WebApps and APIs, the need for a robust defense against Credential Stuffing has never been more crucial. Wallarm doesn't just meet this need; it exceeds expectations. 

Credential Stuffing detection is available with the Advanced API Security subscription and in brand new Wallarm node 4.10. You can find more detailed information about this feature in our documentation.