Security News

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
2021-12-29 14:26

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period; however, the evasion tactics have varied, allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

Web app attacks are skyrocketing, it’s time to protect APIs
2021-12-27 04:30

Web app attacks against UK businesses have increased by 251% since October 2019, putting both organizations and consumers at risk, Imperva research reveals. In a study of nearly 4.7 million web application-related cyber security incidents, Imperva Research Labs finds that attacks are increasing, on average, by 22% each quarter.

Online shopping at risk: Mobile application and API cyber attacks at critical high
2021-12-16 05:00

Protecting mobile applications and APIs against automated threats is a top priority for online commerce businesses, according to data from a study published by DataDome. Two-thirds of respondents report that focusing on mobile application and API protection is a key priority for the next 12 months.

State-sponsored hackers abuse Slack API to steal airline data
2021-12-15 17:32

A suspected Iranian state-supported threat actor is deploying a newly discovered backdoor named 'Aclip' that abuses the Slack API for covert communications. Slack is an ideal platform for concealing malicious communications as the data can blend well with regular business traffic due to its widespread deployment in the enterprise.

Passwordless verification API transforms every mobile phone into a security token for zero trust access
2021-12-15 06:00

You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.

Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
2021-12-03 20:09

Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. First, some background: Many outlets have widely reported that manufacturers are putting 99 percent of a vehicle together, parking it in a lot somewhere and assuming the missing parts, like computer chips, will be available soon and they'll be able to make the engines run so the vehicles can be sold.

How well do you know your APIs? Not well enough, says Cisco
2021-12-03 17:42

Cisco's Vijoy Pandey has tools and tips to help businesses get visibility into their APIs. APIs are responsible for taking some of the most valuable data that an organization uses and sending that data, when requested, to another application using the API to decode that data in a way the app can understand and return to its user.

Let there be light: Ensuring visibility across the entire API lifecycle
2021-12-02 05:41

The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization's visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. In these organizations, it is imperative to have a centralized API location with deployment into each of these locations, to ensure greater visibility and better management of API-related business activities.

API security awareness: The first step to better assessing the risk
2021-12-01 05:30

In this Help Net Security interview, Tal Steinherz, CTO at Wib, talks about the importance of API security awareness and how to tackle numerous threats that are plaguing it. API security is widely being considered, yet breaches continue to plague many organizations.

Lack of API visibility undermines basic principle of security
2021-11-19 06:30

The new visibility challenge, with so much core business depending on interconnecting processes and data via APIs, requires companies to know what APIs they expose externally and internally and how they should behave. Traditional tools, such as WAFs and API Gateways, were built for a different purpose and lack the ability to discover APIs and provide a complete inventory of them.