Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Apache HugeGraph-Server, a popular open-source graph database tool, has been found to have a critical security vulnerability tracked as CVE-2024-27348. The vulnerability allows remote code execution (RCE), giving attackers the ability to execute arbitrary commands on vulnerable servers. This blog explores the details of this vulnerability, its impact, and the necessary mitigation steps to protect affected systems.

As the importance of APIs continues to grow and API traffic accelerates, ensuring their secure functionality is no longer an option—it is a necessity. Just think about recent hacks like the ones at T-Mobile and Finsify’s Money Lover app – which left millions of users exposed and vulnerable. As cyber threats evolve faster than ever, the quest for the perfect API security solution becomes a mission. With so many options, how do you know which fits your needs?

Over 100,000 websites fell victim to a recent web supply chain attack through the Polyfill JavaScript library. This incident underscores significant vulnerabilities in third-party script integration across the web. This article covers what Polyfill does, why it’s now a threat, and the steps you should take if your website relies on it.

Our latest application security report shows a significant rise in bot attacks, jumping from 59.4 million in Q1 2023 to 147 million in Q1 2024—a 147% increase. These automated programs can disrupt services, compromise sensitive data, and threaten the integrity of online operations. To effectively mitigate these risks, businesses must adopt a robust bot protection solution.

The cloud offers unparalleled flexibility and scalability, from data storage to maintaining an online presence. However, this increased reliance on cloud infrastructure also brings heightened risks, particularly from DDoS attacks. Recent incidents underscore the urgent need for robust DDoS protection. For instance, the HTTP/2-based DDoS attack peaked last August, reaching over 398 million requests per second.

An application layer DDoS attack, also known as a Layer 7 (L7) DDoS attack, targets the application layer of the OSI model. This type of DDoS attack focuses on disrupting specific functions or features of a website or online service. Layer 7 attacks leverage loopholes, vulnerabilities, or business logic flaws in the application layer to orchestrate the attacks. Here are the key characteristics and methods: Examples of L7 attacks are Slowloris, GET/POST Floods, etc.

If your device suddenly behaves like a re-animated zombie, it might be under a botnet attack. Botnet attacks, also known as zombie armies, involve hijacking internet-connected devices infected with malware, controlled remotely by a single hacker. These attacks can reach immense scales, as demonstrated by an incident where 1.5 million connected cameras were exploited to overwhelm and take down a journalist’s website.

In 2021, Amazon suffered a financial setback of around $34 million due to a one-hour system outage that led to a considerable loss in sales. Meta suffered a loss of nearly $100M because of Facebook’s 2021 outage. The consequences of downtime can be severe, and businesses of all sizes and governments can be affected. A DDoS attack can bring a business to a complete standstill for hours, leading to a substantial loss in revenue.

Have you ever wanted to fine-tune the configuration of your Bot Management? With self-service rules, you get finer control over bot scoring and customize it according to user behavior on your applications. In this blog, we will cover three use cases that will explain how to use this feature.

Servers host applications and services; therefore, they are the center of all web, mobile, and API applications. These origin servers are under constant attack as hackers run probes to exploit open vulnerabilities and launch large-scale DDoS attacks that could bring down the entire infrastructure. Therefore, ensuring availability and protecting the integrity of origin servers is paramount. This article will cover what, why, and how of origin protection.