Security News
A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, which he said was left open on a lender site without even basic security protections. Demirkapi was surprised and decided to take a peek at the code, which showed that a connection to an Experian API was behind the tool, he said.
Big-three consumer credit bureau Experian just fixed a weakness with a partner website that let anyone look up the credit score of tens of millions of Americans just by supplying their name and mailing address, KrebsOnSecurity has learned. Peering at the code behind this lookup page, he was able to see it invoked an Experian Application Programming Interface or API - a capability that allows lenders to automate queries for FICO credit scores from the credit bureau.
New Microsoft Graph APIs released today in public preview allow developers and IT professionals to manage Windows 10 updates and expedite Windows 10 security updates in enterprise environments. "By connecting deployment service capabilities with Microsoft Graph, app developers can easily build rich update management tools and extend these experiences with contextual user data," Microsoft Principal Program Manager David Mebane explained.
Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. "After years of using it, I decided to implement my API security research experience and apply it on something that I could share not only with the infosec community, but also with developers."
OneCloud announced the Anaplan BizApp to support Anaplan Transactional APIs, expanding the company's Anaplan integration connector. Launched in September 2020, Anaplan Transactional APIs enable users to read and write granular data, quickly zero in on the precise data they need, exactly when they need it, and deliver deeper insights into their workspaces and models.
Data Theorem introduced Cloud Secure, an application-aware full stack cloud security product with attack surface management for protecting data in cloud-native apps, API services and serverless cloud functions. As Data Theorem's latest product powered by Analyzer Engine, Cloud Secure is available to identify and remediate potential data breaches found in public cloud services used to power today's modern web and mobile applications.
There are major gaps in API security based on insights from over 100 senior security leaders at large enterprises in the United States and Europe, an Imvision report reveals. With 9 out of 10 security leaders naming API security as a priority, survey results indicate a consensus among professionals that the shift to the cloud and expansive adoption of APIs have created a new layer of technology that requires dedicated attention.
Corsair M360 announced its HENOTIC API management platform. HENOTIC is engineered to deliver next-generation capabilities to companies tackling the digital integration challenges among clouds, applications, data, and infrastructure.
PlusOne Solutions launched its open Application Programming Interface for customers looking to create a unified method for managing their Service Network compliance data and compliance programs. The PlusOne Solutions API allows for the communication of multi-layered compliance information including contractor, sub-contractor, and contractor employee levels to ensure a full view of the network's compliance and risk information.