Security News
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.
How can you protect your APIs from bots and bot attacks? Keep reading to learn effective ways for API bot detection and protection. Why is the risk of bot cyberattacks on APIs so high and common? 40% of organizations reported that more than half of their applications are exposed to third-party services or the internet owing to APIs.
Paying attention to your API calls is important to avoid passing duplicate or repeated requests to the API. When two deployed APIs try to use the same URL, it can cause repetitive and redundant API usage problems. DDoS API attacks target not only your servers where the APIs are running but also each API endpoint.
Postman released the results of its 2022 State of the API Report, which surveyed more than 37,000 developers and API professionals on a range of topics, including their organizations' priorities, how they get their work done, and where they see the industry going. API investments to remain strong, despite economic headwinds: Investments in APIs will increase or stay the same over the next 12 months, said 89% of global respondents.
A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. This Help Net Security video reveals how run-time security threats against mobile apps and APIs continue to inflict damage on organizations.
Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications. Researchers at the company say they've uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.
Researchers have uncovered a list of 3,207 apps, some of which can be utilized to gain unauthorized access to Twitter accounts. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said.
Cybersecurity researchers have uncovered a set of 3,207 mobile apps that are exposing Twitter API keys to the public, potentially enabling a threat actor to take over users' Twitter accounts that are associated with the app. The discovery belongs to cybersecurity firm CloudSEK, which scrutinized large app sets for potential data leaks and found 3,207 leaking a valid Consumer Key and Consumer Secret for the Twitter API. When integrating mobile apps with Twitter, developers will be given special authentication keys, or tokens, that allow their mobile apps to interact with the Twitter API. When a user associates their Twitter account with this mobile app, the keys also will enable the app to act on behalf of the user, such as logging them in via Twitter, creating tweets, sending DMs, etc.
A new report from Osterman Research codifies the increasing dependence of businesses upon their mobile apps, and reveals a jarring disconnect between the strategic importance of apps versus the level of focus and resources applied to protect organizational apps against runtime threats. Poor visibility into security threats against mobile apps.
July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Edition that processes over 100,000 daily security scans of web and mobile apps.