Security News
To help organizations protect against ransomware attacks and recover from them if they happen, NIST has published an infographic offering a series of simple tips and tactics.
Collaboration between network access brokers and ransomware actors deepens: in this Help Net Security podcast, Brandon Hoffman, CISO at Intel 471, discusses the increased collaboration between network access brokers and ransomware operators, and how they function in today's threat landscape.
API security firm 42Crunch has raised $17 million in a Series A funding round led by Energy Impact Partners and joined by Adara Ventures. In 2019, Gartner stated, "By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications." Its proposed solution was, "Use a Combination of API Management and Web Application Firewalls to Protect APIs, in Conjunction with Identity Infrastructure."
Vanson Bourne surveyed 750 application security decision makers responsible for their organization's application development and security to get their perspectives on data breaches, top application security vulnerabilities, and the most important product capabilities needed to defend against multi-vector application attacks. Overall, the findings indicate that more needs to be done to protect against application security threats, particularly newer threats like bot attacks, API attacks, and supply chain attacks.
The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. In March 2021, a new ransomware group called 'Astro Locker' emerged and began using a customized version of the MountLocker ransomware with ransom notes pointing to their own payment and data leak sites.
Amazon Web Services announced AWS App Runner, a fully managed container application service that makes it easier and faster for customers to build, deploy, and run containerized web applications and APIs with just a few clicks. Customers simply provide their source code, container image, or deployment pipeline and AWS App Runner builds and deploys the web application or API, load balances network traffic, scales capacity up or down based on demand, monitors application health, and encrypts traffic by default.
Headlining the new features are support for design-first API methodology and versioning that make it easy for technical and non-technical users to quickly create new applications around specific APIs; anomaly detection and memory management capabilities that automatically and proactively identify issues, improving platform resilience; and enhancements to Kubernetes-based elastic scaling capabilities that enable organizations to dynamically scale platform resources to meet spikes in workload demand. New advanced API management capabilities incorporated in the release add tools and support for API developers who prefer to take a "design-first" approach to API creation.
Cequence Security announced the release of API Sentinel 2.0, adding powerful features that will help organizations strengthen their runtime API protections by "Shielding the right" - a necessary step that is often minimized while implementing "Shift left" DevOps initiatives. Encouraging security collaboration: A broad set of APIs facilitates collaborative efforts between development and security teams by identifying critical security gaps that require remediation, while reducing the administrative overhead so they can spend more time innovating.
Pen Test Partners security researcher Jan Masters discovered that a bug allowed anyone to scrape users' private account data right off Peloton's servers, even when their profiles were set to private. As Masters said in a post about the glitch, the leaky API was allowing any user, along with any random internet passerby, to make an unauthenticated request for account data without the API checking that they had any right to the data.
CloudVector enables customers to discover, monitor, and protect all API traffic in any environment from exploits and breaches. "As a pioneer in modern API security, Imperva protects our customers from the risks associated with the misuse of APIs via exposures or attacks, and the exfiltration of sensitive data."
It's the data that is critical to insurance that is driving the push for more API usage. From a business perspective, APIs are powering omnichannel capabilities that are increasingly important to ensure policyholders, agents, brokers and partners can consume data and insights during key processes in a way that suits them best.