The Claroty T82 research team released a blog last week demonstrating a newly identified SQL injection in JSON based SQL and how this bypasses many name brand WAF vendors.

While we have had custom patterns available via the Barracuda support teams earlier, we also released an update to our attack signature definitions to explicitly capture these attacks.

In addition, today we are rolling out these new attack definitions to all our WAF-as-a-Service customers.

For further information, please see the article on Barracuda Campus. If you have any questions or experience any false positives as a result, please contact Barracuda Support via the usual channels.