Security News

Organizations still struggling to use APIs effectively
2022-02-09 05:00

APIs continue to grow in importance not only with software developers but also with the leading enterprise organizations they support, as companies increasingly rely on APIs to accelerate their digital transformation efforts. To shed light on the trends that businesses encounter as they rely more heavily on APIs, RapidAPI released a report conducted by Vanson Bourne, which surveyed 300 global IT leaders and examined the current API landscape, highlighting adoption and usage trends, as well as the challenges most organizations encounter as they struggle to manage the APIs that are driving innovation and collaboration throughout the organization.

Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads
2022-01-26 20:34

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Subsequently, when a user visits a participating site, the Topics API selects three of the interests - one topic from each of the past three weeks - to share with the site and its advertising partners.

Major Discord outage caused by API and database issues
2022-01-26 20:27

The outage started at 2:49 PM EST and was initially caused by an issue with the application programming interface (API), preventing various services from communicating with each other. After resolving the API issue, Discord discovered a secondary issue with a database cluster, causing further problems.

Major Discord API outage prevents logins and voice chats
2022-01-26 20:27

Discord is suffering a 'massive outage' preventing users from logging in to the service or using voice chats. The outage started at 2:49 PM EST and was originally caused by a widespread API outage.

20K WordPress Sites Exposed by Insecure Plugin REST-API
2022-01-21 18:19

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting bug discovered in the WordPress Email Template Designer - WP HTML Mail, a plugin for designing custom emails. "Combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site, this means that there is a high chance that unauthenticated attackers could gain administrative user access on sites running the vulnerable version of the plugin when successfully exploited," Chamberland said.

Serious Security: Apple Safari leaks private data via database API – what you need to know
2022-01-18 19:23

Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple's web browser software. At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule.

API security: Understanding the next top attack vector
2022-01-05 06:00

While traditional application security controls remain necessary, they are not quite up to the API security challenge. There are certain basic API security practices organizations can implement to create a more resilient API security posture.

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
2022-01-04 20:49

Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services S3 bucket during a cloud-security audit, and it's sharing the story to inspire other organizations to double-check their own systems. The laundry list of SEGA's potentially exposed data is nauseating - API keys, internal messaging systems, cloud systems, user data and more.

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
2021-12-29 14:26

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period; however, the evasion tactics have varied, allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

Web app attacks are skyrocketing, it’s time to protect APIs
2021-12-27 04:30

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, Imperva research reveals. In a study of nearly 4.7 million web application-related cyber security incidents, Imperva Research Labs finds that attacks are increasing, on average, by 22% each quarter.