Security Boulevard

MARCH 1, 2022

Salt Security today released the latest findings of its bi-annual report on API security trends. Empirical data from the Salt Security SaaS cloud platform shows a 681% increase in attack traffic compared to a 321% increase in overall API call volume.

Big data 97

Big data Risk Data collection Authentication 97

Security Boulevard

JANUARY 18, 2024

All of these applications are powered by and rely on APIs to function. APIs are essential to bridging critical connections in transformation projects, microservice driven app modernizations, AI powered systems, mobile and web applications and much more. In these scenarios API sprawl is too risky.

Risk 57

Risk Government Artificial Intelligence Threat Detection 57

Security Affairs

AUGUST 3, 2023

Researchers discovered a bypass for a recently fixed actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Rapid7 cybersecurity researchers have discovered a bypass for the recently patched actively exploited vulnerability in Ivanti Endpoint Manager Mobile (EPMM). and below). and below). and below of the product.”

Mobile 97

Mobile Authentication Internet Internet 97

Malwarebytes

DECEMBER 11, 2023

Every day, nearly 70 brand-new vulnerabilities are discovered in software products around the world. But with little guidance beyond “critical” classifications—and with the potential for non-critical vulnerabilities to still be exploited for devastating malware attacks—resource-constrained IT organizations need help.

Software 74

Software Media Authentication Internet 74

Security Boulevard

AUGUST 3, 2022

Researchers Find 3,200 Apps Exposing Twitter API Keys, Cite ‘BOT Army’ Threat. Twitter API. The Twitter API provides direct access to a Twitter account and OAuth tokens are used by the Twitter API for authentication. It works over HTTPS and authorizes devices, APIs, servers, and applications. . The vulnerability.

Mobile 98

Mobile Authentication Accountability Identity Theft 98

Security Affairs

OCTOBER 18, 2022

Video messaging company Zoom fixed a high-severity vulnerability, tracked as CVE-2022-28762, in Zoom Client for Meetings for macOS. When the camera mode rendering context is enabled as part of the Zoom App Layers API by running specific Zoom Apps, a local debugging port is opened by the client. Impacted versions range between 5.10.6

Hacking 106

Hacking Information Security 106

Krebs on Security

NOVEMBER 21, 2018

The problem stemmed from an authentication weakness in a USPS Web component known as an “application program interface,” or API — basically, a set of tools defining how various parts of an online application such as databases and Web pages should interact with one another. 20 by the USPS is available here as a text file.

Accountability 258

Accountability Authentication Identity Theft Advertising 258

Centraleyes

FEBRUARY 25, 2024

This includes addressing risks such as Broken Object Level Authorization (OWASP API1) and Security Misconfigurations (OWASP API8), where improper configurations may lead to unauthorized access or vulnerabilities. The dynamic nature of cloud infrastructure demands agile patch management to address vulnerabilities promptly.

Risk 52

Risk Encryption Social Engineering Authentication 52

Security Boulevard

DECEMBER 15, 2021

Finding attackable open source vulnerabilities in JS applications with an intelligent SCA approach. This also means that securing open source dependencies and fixing open source vulnerabilities became an important part of software security. Is the vulnerable library used by the application in any way?

Software 144

Software Security Intelligence Accountability Technology 144

Security Boulevard

JANUARY 26, 2024

As someone who has worked in cybersecurity for over two decades, Salt’s existing brand recognition and leadership in the API security market was also undeniable. There is a Very Large and Serious Customer Problem to be Solved One of the things that was surprising to me was just how big the API security problem is.

Marketing 57

Marketing Education Risk Technology 57

McAfee

NOVEMBER 14, 2021

In this blog, we take a deeper dive into cloud security topics from these predictions focusing on the targeting of API services and apps exploitation of containers in 2022. 5G and IoT Traffic Between API Services and Apps Will Make Them Increasingly Lucrative Targets. billion by 2026.

IoT 102

IoT Risk Marketing Software 102

eSecurity Planet

JUNE 22, 2023

Dynamic Application Security Testing (DAST) combines elements of pentesting, vulnerability scanning and code security to evaluate the security of web applications. The cyber security team adopts the role of a simulated hacker and expertly scrutinizes the application’s defenses, thoroughly assessing its vulnerability to potential threats.

Software 79

Software Cyber Attacks Hacking Risk 79

eSecurity Planet

MAY 19, 2023

Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. It specializes in detecting and preventing the exposure of API keys, credentials, certificates and other confidential data.

Software 90

Software Risk Encryption Marketing 90

NetSpi Executives

SEPTEMBER 5, 2023

Our Infrastructure Security Assessment tests the surrounding infrastructure around your model. Our Infrastructure Security Assessment tests the surrounding infrastructure around your model. If you would like to learn more about our AI/ML Pentesting, check out our data sheet , or contact us for a demo.

Penetration Testing 52

Penetration Testing Risk Network Security Technology 52

Cisco Security

AUGUST 30, 2021

The connective tissue making this data exposure possible was an Application Programming Interface or API. An API enables two pieces of software to communicate with each other. Each of these workflows is more than likely using an API and has a distinct “interface” or way in which you achieve a particular task.

Software 107

Software Authentication Risk Encryption 107

Security Affairs

DECEMBER 21, 2021

The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and to the CVE-2021-45046 RCE. How long will it take for this vulnerability to be fixed across the entire ecosystem?

Hacking 144

Hacking Accountability Software Information Security 144

Pen Test

NOVEMBER 7, 2023

Even before a developer writes their initial code, including for instance, an API call to AWS, it’s quite likely that there is already a Jira ticket assigned to that developer, specifying which AWS account to utilize. On top of that, there might be a software documentation page on Confluence outlining the software’s cloud integration.

Passwords 115

Passwords Software Engineering Government 115

Cisco Security

NOVEMBER 15, 2022

users who are maturing their risk-based vulnerability management program is Kenna.VM The Cisco Kenna team is excited to release a new tier of the Kenna Security platform designed specifically for customers or prospects that have reached a point of maturity in which they can and want to do more with their vulnerability management program.

Risk 79

Risk Software 79

SecureWorld News

AUGUST 22, 2023

CyCognito has released its semi-annual State of External Exposure Management Report , revealing a staggering number of vulnerable public cloud, mobile, and web applications exposing sensitive data, including unsecured APIs and personally identifiable information (PII).

Mobile 88

Mobile Penetration Testing Backups Data breaches 88

LRQA Nettitude Labs

JANUARY 25, 2024

This approach involves identifying potential threats and vulnerabilities early, ensuring that the design of the system inherently mitigates these risks. Apply data controls for external APIs. Assess training dataset characteristics like size, quality, and diversity. Implement scanning and isolation for third-party models.

Risk 52

Risk Accountability Cybersecurity Artificial Intelligence 52

SecureWorld News

AUGUST 7, 2023

To combat such threats effectively, we must adopt a proactive approach to security, constantly anticipating and countering potential vulnerabilities through continuous monitoring and robust safeguards. He further describes how Chat GPT is a third-party service provider and should be strictly governed and managed as other third-party APIs.

Technology 89

Technology Risk Government Engineering 89

CyberSecurity Insiders

APRIL 14, 2023

This occurs frequently on penetration and vulnerability test reports that I’ve had to assess. Methodology First off is a methodology which matches the written policies and procedures of the entity seeking the assessment. Credentialed internal vulnerability scans are also required by PCI DSS 4.0 requirement 11.3.1.2.

Penetration Testing 102

Penetration Testing DNS Passwords Accountability 102

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Hacking 88

Hacking Cybersecurity Information Security 88

Security Boulevard

AUGUST 2, 2022

It’s no secret that APIs are at the core of every modern application, and that makes them an enormously enticing attack target. Unfortunately, most organizations are unprepared to protect this ever-expanding attack surface, according to findings from the fourth edition of the Salt Labs pioneering “State of API Security” report.

Big data 52

Big data Risk Data breaches Authentication 52

The Last Watchdog

AUGUST 4, 2021

Criminal hacking rings are carrying out big sweeps , 24X7, hunting for well-known application vulnerabilities that they can manipulate to breach company networks. Bad actors are finding ever more efficient ways to scan all public facing web apps and mobile apps, non-stop, for a long list of known app vulnerabilities.

Mobile 214

Mobile Marketing Digital transformation Risk 214

Schneier on Security

SEPTEMBER 8, 2023

Last March, just two weeks after GPT-4 was released , researchers at Microsoft quietly announced a plan to compile millions of APIs—tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room—into a compendium that would be made accessible to large language models (LLMs).

Banking 235

Banking Risk Accountability Government 235

Cisco Security

FEBRUARY 28, 2022

In its Hype Cycle for Security Operations, Gartner has defined Cyber Assets Attack Surface Management (CAASM) as “an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges”. This tackles our lack of visibility concerns. This is where Secure Cloud Insights (SCI) steps in.

Technology 107

Technology Risk Engineering Encryption 107

ForAllSecure

MAY 4, 2023

We participated in B Sides last month, hosted a webinar on “How to Increase Test Coverage With Mayhem for API”, and hosted a university hackathon at UC Santa Cruz. Use Open-Source Safely: How to Uncover and Address Vulnerabilities in Open-Source Libraries Open-source libraries can be a double-edged sword for software developers.

Engineering 52

Engineering Software Risk Marketing 52

eSecurity Planet

JULY 7, 2023

Vulnerability scanning is critically important for identifying security flaws in hardware and software, but vulnerability scanning types are as varied as the IT environments they’re designed to protect. The agent gathers information and connects with a central server, which manages and analyzes vulnerability data.

Software 75

Software Authentication Risk Internet 75

eSecurity Planet

MARCH 9, 2023

To examine this broad spectrum of assets and connections, these organizations need multi-faceted tools, or a vendor that can supply integrated tools that support complex workflows and larger teams for vulnerability management, remediation, and related tasks. Results are then emailed to IT and available on the dashboard.

Penetration Testing 77

Penetration Testing IoT Engineering Risk 77

Security Boulevard

JANUARY 24, 2023

Last week, T-Mobile disclosed that the personally identifiable information (PII) of 37 million of its past and present customers had been breached in an API attack. In its SEC filing, T-Mobile called the attack "malicious" and stated that data attained through its API was done "without authorization.” Was the API known to T-Mobile?

Mobile 57

Mobile Social Engineering Engineering Government 57

Digital Shadows

JANUARY 31, 2022

Digital Shadows’ new vulnerability intelligence capability brings a unique context to CVEs. Armed with this intelligence, security teams can better prioritize their vulnerability management efforts. When new vulnerabilities are announced, speed of response is critical. Limited visibility. Ambiguous scoring.

Risk 52

Risk Cyber threats Advertising Media 52

Pen Test Partners

OCTOBER 8, 2023

Let’s start with API testing as that is relatively straight forward and very similar to iOS applications. From an assessment previously, it was identified that APIs used by the watch application can differ from ones used by the iOS application, especially if functionality is only specific to the watch.

Risk 93

Risk Engineering Encryption Authentication 93

SecureWorld News

FEBRUARY 17, 2024

This and many other vulnerabilities pose a significant risk, as they not only permit unauthorized access to individual devices but also enable hackers to infiltrate huge hospital networks and cause mass disruption through malicious software. Vulnerabilities in medical devices present significant risks, expanding the potential for breaches.

Healthcare 93

Healthcare Manufacturing Internet Internet 93

Cisco Security

OCTOBER 6, 2021

Have a back pocket security assessment methodology for any system. Take courses that teach you in-demand industry skills such network security, security operations, vulnerability assessment, incident response and some programming (for accessing APIs processing and producing basic output).

Cybersecurity 121

Cybersecurity Education Network Security 121

CyberSecurity Insiders

MARCH 29, 2023

The attacker first identified BATMs running vulnerable CAS servers and the General Bytes Cloud service by scanning the IP address space of recommended service provider DigitalOcean on ports 7777 or 443. The ability to read and decrypt API keys. million) and a small volume of Ethereum from customers running the BATMs.

Cryptocurrency 102

Cryptocurrency Marketing Authentication Passwords 102

CyberSecurity Insiders

DECEMBER 21, 2022

There are new assets, new libraries, new code, and the likelihood of new vulnerabilities increases. In reality, there’s no such thing as “in-scope” or “out-of-scope” for an attacker that might be licking their chops seeing just how vulnerable their target is. How attackers think. What your attack surface truly looks like.

Internet 131

Internet Internet Risk DNS 131