Security News

Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs
2022-10-02 09:00

Introducing the book: Project Zero TrustIn this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book - "Project Zero Trust: A Story about a Strategy for Aligning Security and the Business". How the CIO's relationship to IT security is changingIn this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description.

The holy trifecta for developing a secure API
2022-09-28 05:00

It's hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks to the original design is extremely difficult, and it must be validated because it differs from the original spec in some places.

An expert guide to securing APIs
2022-09-26 09:50

The application programming interface has been around pretty much as long as computing itself, but it's perhaps only since the early years of the millennium that its use exploded with a mass shift to web applications. So much so that many of the most popular applications we all use on a daily basis would stall without them.

What could be the cause of growing API security incidents?
2022-09-22 03:30

Noname Security announced the findings from its API security report, "The API Security Disconnect - API Security Trends in 2022", which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced confidence in existing controls. 76% of respondents have suffered an API security incident in the last 12 months, with these incidents primarily caused by Dormant/Zombie APIs, Authorization Vulnerabilities, and Web Application Firewalls.

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
2022-09-16 10:58

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.

Bad bots are coming at APIs! How to beat the API bot attacks?
2022-09-12 04:00

How can you protect your APIs from bots and bot attacks? Keep reading to learn effective ways for API bot detection and protection. Why is the risk of bot cyberattacks on APIs so high and common? 40% of organizations reported that more than half of their applications are exposed to third-party services or the internet owing to APIs.

6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged
2022-09-09 13:30

Paying attention to your API calls is important to avoid passing duplicate or repeated requests to the API. When two deployed APIs try to use the same URL, it can cause repetitive and redundant API usage problems. DDoS API attacks target not only your servers where the APIs are running but also each API endpoint.

API security incidents occur at least once a month
2022-08-23 03:30

Postman released the results of its 2022 State of the API Report, which surveyed more than 37,000 developers and API professionals on a range of topics, including their organizations' priorities, how they get their work done, and where they see the industry going. API investments to remain strong, despite economic headwinds: Investments in APIs will increase or stay the same over the next 12 months, said 89% of global respondents.

Businesses lack visibility into run-time threats against mobile apps and APIs
2022-08-04 08:00

A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how run-time security threats against mobile apps and APIs continue to inflict damage on organizations.

Bot army risk as 3,000+ apps found spilling Twitter API keys
2022-08-02 14:45

Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications. Researchers at the company say they've uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.