Security News
As companies nudge their staff to return to communal workspaces, many workers don't actually want to - more than 50 percent of employees would rather quit, according to research by EY. While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft - how to make the new normal of the hybrid workplace secure. In a hybrid workplace, a Zero Trust strategy means ever-tightening security.
Postman announced its Public API Network is now the largest API hub in the world, serving 17 million users and 500,000 organizations worldwide. The Postman Public API Network is a global directory of thousands of public APIs, connecting developers around the globe and providing a central catalog of APIs built for discovery, exploration, and sharing.
ThreatX announced new API Catalog capabilities to provide enterprises with a clear view of their APIs' attack surface, as well as the operational health of APIs in production. ThreatX supports DevOps and Security teams by assessing traffic in real time to reduce risk and protect critical APIs from misconfiguration, DDoS, bot attacks and malicious use.
How to develop a skilled cybersecurity team: What skills should aspiring information security workers possess and work on? What certifications can come in handy more than others? What strategies should organizations employ to develop a well-staffed cybersecurity team? Where should they look for talent? What advice do those already working in the field have for those who want to enter it?
How can secure KVM technology help eliminate security risks? John Minasyan leads Belkin's cybersecurity business unit focused on solutions to mitigate advanced threats at an operator's desk.
API security and performance are critical for engaging customers and increasing revenue, but recent news stories about security vulnerabilities that expose private data have brought the issue of API management into sharp focus. In many cases, simple failures to treat API security with respect have resulted in some significant data breaches affecting millions of users.
Researchers say there has been a massive uptick in the number of Discord malware detections compared to last year. Because Discord is heavily trafficked by younger gamers playing Fortnite, Minecraft and Roblox, a lot of the malware floating around amounts to little more than pranking, such as the use of code to crash an opponent's game, Sophos explained.
If you wait until production to discover API vulnerabilities, you can incur substantial delays. Existing application security testing tools are generic and aim at traditional web app vulnerabilities, and can't effectively handle the business logic intricacies of an API. Because APIs don't have a UI, it is common for companies to test web, app, and mobile separately - but not the API itself.
1Password launched Events API, a new way to empower security teams with greater data visibility and actionable insights. While events have been available within 1Password for administrators previously, this new feature deepens the information available and allows events to be piped directly to tools like Splunk and other SIEM platforms to provide a holistic view that allows for correlation with other sources.
To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators - without the overhead of processing or storing user data. The Zero Trust model of identity verification essentially means never trusting that a returning user is who they claim to be, regardless of their location or previous successful attempts.
Coursera states, in its Vulnerability Disclosure Program, that access control issues are a security concern. API leaks are not uncommon and have been main contributors to major security issues.