What happened

• We were looking to improve Integrates’ session management to allow concurrency between our mobile app and web. After introducing this change, new sessions were not handled properly due to a missing attribute.

What we’ve done

• After identifying the problem with our error tracking tools and some reports from our users, we’ve committed the fix.

What the impact was

• There were approximately 70 unsuccessful login attempts from 9:00 A.M. to 9:30 A.M. (30 minutes in total).

What we are doing to help

• We created an issue to review and work towards removing production-only behaviors to avoid this kind of problem.

What happened

• We are currently renaming some of Integrates’s URLs.
• After introducing this change, evidence stopped loading.

What we’ve done

• We noticed the issue today, Aug 5, at 14:49, and committed the fix at 15:20.

What the impact was

• Evidence was not loading due to the /organizations URL name change.

What we are doing to help

• We are improving our tests in order to cover all the scenarios related to the URL path—open issue.

Integrates provides you with information about the current security status of all your company’s applications, and now we update the charts. These new analytics show you the security status and trends of your systems.

Also, if Forces is active, you get access to a Docker container built to specifically verify the status of security findings discovered in your system.

All these features are the product of a team effort. You can be part of it and create new elements by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

In the last days, we released a brand-new chart view, leaving behind performance issues and putting new charts and a universe of possibilities on the table.

I hope that you enjoy it!

Now we are releasing unprecedented functionality. You can schedule an email or download a chart report (daily/weekly/monthly) from today.

This functionality is available both in groups and organizations. You can get a report for a specific group or your entire organization.

You will find these buttons at the bottom of the charts tab.

I almost forget it. The email will be sent

• daily at 11 AM GMT,
• weekly on Mondays at 11 AM GMT, or
• monthly on the first day of the month at 11 AM GMT.

Please feel free to use it!

The format of the technical XLS report has changed on Integrates. You can request this report the same way as before, by going to Project -> Findings -> Reports.

Now, this XLS report includes all the project’s vulnerabilities instead of just the findings.
Each row represents a vulnerability, including all the data listed below:

• Where
• Related finding
• Status
• Severity
• CVSS v3 Metrics vector
• Pending Reattack
• Is Exploitable
• Report Date
• Close Date
• Age in days
• Treatment
• Treatment date
• Treatment justification
• Treatment expiration date
• Treatment manager

As usual, this report is delivered to your inbox along with its passphrase. The Export to CSV option from the Findings table has been removed in favor of this change.

Yesterday, we made some changes on Integrates, including the replacement of the Indicators view with the Charts view.

As part of these changes, new information was added for you to have a graphical analysis of the group's state, and the appearance of all the charts is now different.

Moreover, something may happen when you click, drag or hover over them.
I’m not going to spoil. 😉 

What happened

• In the past months we’ve been working to improve our authorization system so it becomes more flexible, allowing us to have granular control over each action a user can perform (ABAC).
• After this change was introduced, permissions within a group didn’t match if the group name wasn’t in lowercase. This has always been a backend transformation totally transparent to the user

What we’ve done

• We first received reports on May 19 and committed the fix on July 1 at 08:16 AM after investigating it for the past 3 weeks.
• We implemented a new tracking tool: LogRocket. With it, we were able to monitor our API’s responses to the affected users, which helped us identify and reproduce the problem

What’s the impact

• Some users have reported that they sometimes weren’t able to view some buttons even if they had access to a group.

What we are doing to help

• We are improving our tests and error reporting to better spot and avoid this kind of problem.

What happened

• We are currently improving our security by enforcing our session user token validations.
• After this change was introduced, API tokens were accidentally validated when they shouldn’t.

What we’ve done

• We noticed the issue today Jun 23 at 14:37 PM, and committed the fix at 15:40 PM.

What’s the impact

• Today, Jun 23, we introduced the token validation change at 13:40 PM and some users weren’t able to successfully query our API.

What we are doing to help

• We are improving our tests in order to cover all the scenarios related with that token functionality.

What happened

On June 3rd, from 6:30 PM to 7:00 PM, users experienced a performance degradation in the platform, making the browsing really slow. This occurred because one of our analysts was performing a DDoS attack on the site. At the same time, there was a failed deployment in production that halved the number of machines processing requests; half of them had the previous version of the app and were responding correctly, while the other half were stuck in a loop trying to deploy the new version which had issues. This attenuated the effect of the DDoS.

What we’ve done

After we detected the error, we immediately reverted that change, deploying a new version of Integrates without the bug, so the whole fleet was available.

What’s the impact

The incident occurred outside of working hours, so only 3 users were affected, and they experienced a really slow platform, with group information taking too long to load or not loading at all.

What we are doing to help

We are constantly performing security tests over our own platform to discover these kinds of flaws. Right now, we are working on concurrency improvements to achieve a better performance. Also, this vulnerability was reported to our developer team and will be addressed shortly

What happened

• We detected a performance degradation on large portfolios, which caused pages to have high response times and, in some cases, not to load at all.

What we’ve done

• On 2020-05-14, we decided to temporarily revoke access to these resources.

What’s the impact

• 6 users no longer have access to this resource.

What we are doing to help

• We started to add mock data to simulate scenarios with large portfolios, so that we can better understand their behavior and find solutions to improve their performance.
• We are experimenting with various design patterns that allow us to get the necessary data without degrading the performance.
• We will make the appropriate announcement once we enable these features again.