SQL Injection Using JSON

Security researchers have developed a generic SQL injection technique that bypasses multiple web application firewalls (WAFs), allowing potential attackers to easily hide their malicious payloads. Since the vendors are failing…
SonicWall Addresses Critical Injection Flaw

SonicWall addressed a critical SQL injection vulnerability, tracked as CVE-2022-22280 with a CVSS score of 9.4, in its Analytics On-Prem and Global Management System (GMS) products. Improper Neutralization of Special Elements used in an…
Google Cloud Armor – New Feature sets

Google Cloud is adding new Cloud Armor capabilities for fending off cyberattacks against its cloud customers. Attackers use advanced comprehensive techniques, like volumetric DDoS attacks, bot attacks and application programming interface abuse…

BIG-IP Fixes Critical Vulnerabilities

BIG-IP F5 has fixed more than a dozen high-severity vulnerabilities in its networking device as part of its monthly patch delivery cycle, one of them being elevated to critical severity under…
Fortinet Command Injection Vulnerability

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. The vulnerability impacts Fortinet FortiWeb versions 6.3.11 and earlier, an authenticated…
BOT Protection On Azure WAF

Microsoft has announced that the WAF bot protection feature has reached general availability on Azure Application Gateway starting this week. Azure WAF is a cloud-native service designed to protect customers' web…