Security News

Sensitive data of 400,000 German students exposed by API flaw
2021-10-28 07:03

Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. Scoolio is a German student community app that aims to build better time management skills, tutoring, homework planning, and group chats to network with peers.

API attacks are both underdetected and underreported
2021-10-28 04:30

Often, API security is relegated to an afterthought in the rush to bring APIs to market, with many organizations relying on traditional network security solutions that are not designed to protect the wide attack surface that APIs can introduce. "From broken authentication and injection flaws, to simple misconfigurations, there are numerous API security concerns for anyone building an internet-connected application," said Steve Ragan, Akamai security researcher and author of the State of the Internet / Security report.

NPM packages disguised as Roblox API code caught carrying ransomware
2021-10-27 20:43

Security firm Sonatype on Wednesday said it had spotted two related malicious NPM libraries that were named so they might be mistaken for a popular legitimate module that serves as a Roblox API wrapper. Js, a Roblox game API wrapper available on NPM and as a standalone download. Roblox is a gaming platform with more than 40 million daily active users.

Tips & Tricks for Unmasking Ghoulish API Behavior
2021-09-30 17:56

I was analyzing one of my customers' API traffic the other day and I noticed something odd about the devices that were using the mobile application API. I found standard browsers like Firefox and Chrome hitting API endpoints that should only be touched by their mobile-application communication. On a mobile application, the development staff will create a user agent for their application.

Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API
2021-09-23 13:00

An alarming 32% of sample domains containing the names of the 10 most-impersonated brands have been found malicious by WhoisXML API researchers. Domain Brand Monitor detected 182 ways by which "Amazon" can be misspelled.

Payment API Bungling Exposes Millions of Users’ Payment Data
2021-09-20 19:02

App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data. But like so much of cybersecurity, it's a could-a, should-a situation: "CloudSEK has observed that a wide range of companies - both large and small - that cater to millions of users have mobile apps with API keys that are hardcoded in the app packages," according to CloudSEK researchers Arshit Jain and Sai Ahladini Tripathy.

Bring Your APIs Out of the Shadows to Protect Your Business
2021-09-20 13:00

Shadow APIs can also be present when applications are not properly decommissioned, leaving APIs accessible and vulnerable to attack. Because you can't protect what you can't see, it is imperative that you discover, catalog, and bring your shadow APIs under governance before they are discovered by bad actors and exploited.

7 Ways to Defend Mobile Apps, APIs from Cyberattacks
2021-09-02 12:51

Hackers can easily access devices through mobile apps. Mobile app security threats have arisen over the years.

Top 3 API Vulnerabilities: Why Apps are Pwned by Cyberattackers
2021-08-31 13:29

Whether the app is on your mobile device, entertainment system or garage door, APIs are what developers use to make applications function. Some background on what makes APIs such a security concern.

New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access
2021-08-26 02:47

As companies nudge their staff to return to communal workspaces, many workers don't actually want to - more than 50 percent of employees would rather quit, according to research by EY. While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft - how to make the new normal of the hybrid workplace secure. In a hybrid workplace, a Zero Trust strategy means ever-tightening security.