Security News

Discord CDN and API Abuses Drive Wave of Malware Detections
2021-07-23 21:52

Researchers say there has been a massive uptick in the number of Discord malware detections compared to last year. Because Discord is heavily trafficked by younger gamers playing Fortnite, Minecraft and Roblox, a lot of the malware floating around amounts to little more than pranking, such as the use of code to crash an opponent's game, Sophos explained.

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
2021-07-23 07:14

If you wait until production to discover API vulnerabilities, you can incur substantial delays. Existing application security testing tools are generic and aim at traditional web app vulnerabilities, and can't effectively handle the business logic intricacies of an API. Because APIs don't have a UI, it is common for companies to test web, app, and mobile separately - but not the API itself.

1Password Events API delivers real-time insight on password activity
2021-07-16 01:30

1Password launched Events API, a new way to empower security teams with greater data visibility and actionable insights. While events have been available within 1Password for administrators previously, this new feature deepens the information available and allows events to be piped directly to tools like Splunk and other SIEM platforms to provide a holistic view that allows for correlation with other sources.

New Zero-Trust API Offers Mobile Carrier Authentication to Developers
2021-07-15 05:43

To help achieve progress on Zero Trust, there is now a new, easy way to implement continuous user verification by connecting directly to the authentication systems used by mobile operators - without the overhead of processing or storing user data. The Zero Trust model of identity verification essentially means never trusting that a returning user is who they claim to be, regardless of their location or previous successful attempts.

Coursera Flunks API Security Test in Researchers’ Exam
2021-07-08 18:29

Coursera states, in its Vulnerability Disclosure Program, that access control issues are a security concern. API leaks are not uncommon and have been main contributors to major security issues.

Rethinking Application Security in the API-First Era
2021-07-01 02:58

This means that application security has moved beyond its "Doorman" status of asking "Who's allowed in?" Nowadays, application security should assume that users are already inside the application and focus on asking, "What do we allow them to do?", "What's the expected usage?" and "How do we stop undesirable behavior?". According to Rob Cuddy, the Global Application Security Evangelist at HCL, the fundamental shift enterprises must make in their approach to application security is that securing the application perimeter from external penetration simply doesn't make sense in the era of APIs.

RtBrick Management API simplifies integration with existing OSS and BSS systems
2021-07-01 02:00

RtBrick has announced a new Management API for its disaggregated routing software that simplifies the integration with existing OSS and BSS systems. Analysys Mason has recognized OSS and BSS integration as one of the major industry barriers to adopting network disaggregation, for example.

New API Lets App Developers Authenticate Users via SIM Cards
2021-06-29 02:51

SMS alone may not be secure, but mobile phone numbers tethered to a SIM card are: they're a unique pairing that is difficult to tamper with or copy. It is now possible to prevent fraud and fake accounts while seamlessly verifying mobile users using the most cryptographically secure identifier they already have - the SIM card embedded in their mobile devices.

42Crunch integrates with Postman to provide enterprises with continuous API protection
2021-06-24 23:00

42Crunch has announced an integration of its API security services with Postman, the API collaboration platform for developers. 42Crunch provides enterprises with continuous protection at every stage of the API lifecycle, reducing the cost of DevSecOps and accelerating the delivery of production-ready APIs.

Akamai’s platform security enhancements strengthen protection for web apps, APIs and user accounts
2021-06-17 01:10

Akamai announces platform security enhancements to strengthen protection for web applications, APIs, and user accounts. Akamai's machine learning derives insight on malicious activity from more than 1.3 billion daily client interactions to intelligently automate threat detections, time-consuming tasks, and security logic to help professionals make faster, more trustworthy decisions regarding cyberthreats.