Security News

Nearly every software application and mobile application uses, or is, an API. Attackers are increasingly focused on APIs and this focus pays off in the form of seized data that can be parlayed into financial returns or used as malicious leverage-on brands or their customers. "APIs are a common part of enabling digital experiences in our daily lives, whether consumers realize it or not," said Gene Fay, CEO of ThreatX. "The data gathered by our survey sheds light on how API security can affect brands and reinforces how core APIs are to peoples' lives".

Tom Hickman, Chief Product Officer, ThreatX. API security is a hot topic in the industry today, but choosing the right API security solution is proving difficult for many organizations. Protocol level: Validating the API is not being abused in terms of overutilization or quota abuse generally requires proxied inspection of API requests and potentially using an API gateway to manage API business requirements.

APIs continue to grow in importance not only with software developers but also with the leading enterprise organizations they support, as companies increasingly rely on APIs to accelerate their digital transformation efforts. To shed light on the trends that businesses encounter as they rely more heavily on APIs, RapidAPI released a report conducted by Vanson Bourne, which surveyed 300 global IT leaders and examined the current API landscape, highlighting adoption and usage trends, as well as the challenges most organizations encounter as they struggle to manage the APIs that are driving innovation and collaboration throughout the organization.

Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. Subsequently, when a user visits a participating site, the Topics selects three of the interests - one topic from each of the past three weeks - to share with the site and its advertising partners.

The outage started at 2:49 PM EST and was initially caused by an issue with the application programming interface outage, preventing various services from communicating with each other. After resolving the API issue, Discord discovered a secondary issue with a database cluster, causing further problems.

Discord is suffering a 'massive outage' preventing users from logging in to the service or using voice chats. The outage started at 2:49 PM EST and was originally caused by a widespread API outage.

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting bug discovered in the WordPress Email Template Designer - WP HTML Mail, a plugin for designing custom emails. "Combined with the fact that the vulnerability can be exploited by attackers with no privileges on a vulnerable site, this means that there is a high chance that unauthenticated attackers could gain administrative user access on sites running the vulnerable version of the plugin when successfully exploited," Chamberland said.

Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple's web browser software. At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule.

While traditional application security controls remain necessary, they are not quite up to the API security challenge. There are certain basic API security practices organizations can implement to create a more resilient API security posture.

Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services S3 bucket during a cloud-security audit, and it's sharing the story to inspire other organizations to double-check their own systems. The laundry list of SEGA's potentially exposed data is nauseating - API keys, internal messaging systems, cloud systems, user data and more.