Security News

Although many financial institutions are aware of the need for API security to support their new corporate reality, they do not really know how to approach it and especially with which tools. In the API security domain, financial organizations are looking for tools that handle the whole lifecycle.

Security analysts warn of a sharp rise in API attacks over the past year, with most companies still following inadequate practices to tackle the problem. More specifically, Salt Security reports a growth of 681% of API attack traffic in 2021, while the overall API traffic increased by 321%. These stats underline that as industries adopt API solutions, attacks against them are growing disproportionally.

An Iranian geopolitical nexus threat actor has been uncovered deploying two new targeted malware that come with "Simple" backdoor functionalities as part of an intrusion against an unnamed Middle East government entity in November 2021. The attacks are said to have been orchestrated via spear-phishing messages to gain initial access, followed by taking advantage of publicly available offensive security tools and remote access software for lateral movement and maintaining access to the environment.

Nearly every software application and mobile application uses, or is, an API. Attackers are increasingly focused on APIs and this focus pays off in the form of seized data that can be parlayed into financial returns or used as malicious leverage-on brands or their customers. "APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not," said Gene Fay, CEO of ThreatX. "The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples' lives".

Tom Hickman, Chief Product Officer, ThreatX. API security is a hot topic in the industry today, but choosing the right API security solution is proving difficult for many organizations. Protocol level: Validating the API is not being abused in terms of overutilization or quota abuse generally requires proxied inspection of API requests and potentially using an API gateway to manage API business requirements.

APIs continue to grow in importance not only with software developers but also with the leading enterprise organizations they support, as companies increasingly rely on APIs to accelerate their digital transformation efforts. To shed light on the trends that businesses encounter as they rely more heavily on APIs, RapidAPI released a report conducted by Vanson Bourne, which surveyed 300 global IT leaders and examined the current API landscape, highlighting adoption and usage trends, as well as the challenges most organizations encounter as they struggle to manage the APIs that are driving innovation and collaboration throughout the organization.

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Subsequently, when a user visits a participating site, the Topics selects three of the interests - one topic from each of the past three weeks - to share with the site and its advertising partners.

The outage started at 2:49 PM EST and was initially caused by an issue with the application programming interface outage, preventing various services from communicating with each other. After resolving the API issue, Discord discovered a secondary issue with a database cluster, causing further problems.

Discord is suffering a 'massive outage' preventing users from logging in to the service or using voice chats. The outage started at 2:49 PM EST and was originally caused by a widespread API outage.

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting bug discovered in the WordPress Email Template Designer - WP HTML Mail, a plugin for designing custom emails. "Combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site, this means that there is a high chance that unauthenticated attackers could gain administrative user access on sites running the vulnerable version of the plugin when successfully exploited," Chamberland said.