Security News

MountLocker ransomware uses Windows API to worm through networks
2021-05-19 07:31

The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. In March 2021, a new ransomware group called 'Astro Locker' emerged and began using a customized version of the MountLocker ransomware with ransom notes pointing to their own payment and data leak sites.

AWS App Runner: Deploy containerized web apps and APIs at scale
2021-05-19 07:07

Amazon Web Services announced AWS App Runner, a fully managed container application service that makes it easier and faster for customers to build, deploy, and run containerized web applications and APIs with just a few clicks. Customers simply provide their source code, container image, or deployment pipeline and AWS App Runner builds and deploys the web application or API, load balances network traffic, scales capacity up or down based on demand, monitors application health, and encrypts traffic by default.

SnapLogic adds API management and anomaly detection capabilities
2021-05-13 01:30

Headlining the new features are support for design-first API methodology and versioning that make it easy for technical and non-technical users to quickly create new applications around specific APIs; anomaly detection and memory management capabilities that automatically and proactively identify issues, improving platform resilience; and enhancements to Kubernetes-based elastic scaling capabilities that enable organizations to dynamically scale platform resources to meet spikes in workload demand. New advanced API management capabilities incorporated in the release add tools and support for API developers who prefer to take a "design-first" approach to API creation.

Cequence Security API Sentinel 2.0 helps orgs strengthen their runtime API protections
2021-05-07 01:30

Cequence Security announced the release of API Sentinel 2.0, adding powerful features that will help organizations strengthen their runtime API protections by "Shielding the right" - a necessary step that is often minimized while implementing "Shift left" DevOps initiatives. Encouraging security collaboration: A broad set of APIs facilitates collaborative efforts between development and security teams by identifying critical security gaps that require remediation, while reducing the administrative overhead so they can spend more time innovating.

Peloton’s Leaky API Spilled Riders’ Private Data
2021-05-05 16:03

Pen Test Partners security researcher Jan Masters had discovered that a bug allowed anyone to scrape users' private account data right off Peloton's servers, regardless of their profiles being set to private. As Masters said in a post about the glitch, the leaky API was allowing any user, along with any random internet passersby, to make an unauthenticated request for account data to the API without the API making sure that they had any right to the data.

Imperva acquires CloudVector to provide visibility and security for API traffic
2021-05-04 08:01

CloudVector enables customers to discover, monitor, and protect all API traffic in any environment from exploits and breaches. "As a pioneer in modern API security, Imperva protects our customers from the risks associated with the misuse of APIs via exposures or attacks, and the exfiltration of sensitive data."

APIs in the insurance industry: Accessing a growing world of data
2021-04-30 05:30

It's the data that is critical to insurance that is driving the push for more API usage. From a business perspective, APIs are powering omnichannel capabilities that are increasingly important to ensure policyholders, agents, brokers and partners can consume data and insights during key processes in a way that suits them best.

Experian API Leaks Most Americans’ Credit Scores
2021-04-29 18:42

A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, which he said was left open on a lender site without even basic security protections. Demirkapi was surprised and decided to take a peek at the code, which showed that a connection to an Experian API was behind the tool, he said.

Experian API Exposed Credit Scores of Most Americans
2021-04-28 20:47

Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Peering at the code behind this lookup page, he was able to see it invoked an Experian Application Programming Interface or API - a capability that allows lenders to automate queries for FICO credit scores from the credit bureau.

Microsoft releases new APIs for managing Windows Update
2021-04-28 18:26

New Microsoft Graph APIs released today in public preview allow developers and IT professionals to manage Windows 10 updates and expedite Windows 10 security updates in enterprise environments. "By connecting deployment service capabilities with Microsoft Graph, app developers can easily build rich update management tools and extend these experiences with contextual user data," Microsoft Principal Program Manager David Mebane explained.