CSOonline

SSRF attacks explained and how to defend against them

Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request that should have otherwise been made ...
CSOonline

Azure API Management flaws highlight server-side request forgery risks in API development

Microsoft recently patched three vulnerabilities in its Azure API Management service, two of which enabled server-side request forgery (SSRF) attacks that could have allowed hackers to access internal ...
Dark Reading

Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

Microsoft has fixed vulnerabilities in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus ...
Bleeping Computer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management ...
Threat Post

Microsoft Azure Flaws Open Admin Servers to Takeover

Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks. Researchers have disclosed two flaws in Microsoft’s ...