19 May 23
INCIBE (the Spanish acronym for Instituto Nacional de Ciberseguridad, the National Institute of Cybersecurity) published a notice this week about a serious vulnerability detected in WordPress. The vulnerability allows a cross-site scripting (XSS) attack, in which attackers can inject malicious code into a specific website and then infect its visitors. Visitors cannot notice this maneuver, which makes it incredibly dangerous.
There is also another vulnerability, in the WordPress Advanced Custom Fields plugin, that has affected over 2 million users globally. The CMS has already published a new version with updated security features, so the first thing any site running a vulnerable WordPress version has to do is update to the new 6.2.1.
THE IMMEDIACY IN THE EXPLOITATION OF VULNERABILITIES
These two situations are particularly interesting because they reflect the way in which threats work today. Attackers started their activity within the first 24 hours after the publication of the WordPress exploit’s proof of concept (PoC).
The trend is very clear: vulnerabilities are being exploited at a higher rate, and faster each time. Attackers acted in the first few hours after the announcement was made, so the time frame to react is very small.
Real-time observation tools that can also mitigate these attacks become key to guaranteeing the security of web applications.
WAF: IMMEDIATE PROTECTION
We’ve previously explained how WAF technology works. It’s a solid security ecosystem that protects sites and APIs from application attacks and the exploitation of vulnerabilities by analyzing traffic in real time, searching for malicious requests and security risks.
This visibility allows us to react immediately against threats, even in new cases like the ones we’ve described before.
TRANSPARENT EDGE’S WAF
Our WAF goes above and beyond: it protects you in real time, without the need to define rules and with minimum latency guaranteed, while also protecting web applications against typical attacks such as SQL injection, XSS, CSRF, and others.
Of course, the Transparent Edge customers who have contracted this solution are protected against the two WordPress vulnerabilities that kicked off this post.