Security News

Calix announced a significant update to AXOS which expands infrastructure APIs to enable full modularity across network functions. As new services proliferate and network demand increases, the pace of new service rollouts is accelerating across markets.

Index Engines released an API-based developer's kit to support the integration of CyberSense software's analytics and reporting into third-party backup and storage platforms. CyberSense can directly index files in backup images, including Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect, and Commvault without the need to rehydrate the data.

The Knight Ink vulnerability research study details findings, and also notes that the results are particularly worrisome given the increased reliance on mHealth apps during the global pandemic, which in turn is drawing threat actors to mHealth apps as an attack surface of choice. "Observers with Pew Research noted that mHealth apps are now generating more user activities than other mobile device apps such as online banking and job searching. Observers also note that patient IDs and PHI are more lucrative in dark web markets than credit card data."

Organizations of all sizes from a wide range of industries plan to join the API economy this year, and API testing and security were top concerns among survey respondents. Participation in the API economy is a priority across industries: Overall, 58% of executives said participating in the API economy was a top priority for their organization.

Experts have long worried about the security risks associated with the widespread use of APIs, with Gartner writing in a report that by 2022, API abuse will become the most common attack seen by security teams. Salt Security's "The State of API Security - Q1 2021" confirms many of those fears, finding that of the nearly 200 enterprise security officials surveyed, 91% experienced an API security incident last year.

66% of organizations admit to having slowed the rollout of a new application into production because of API security concerns, a Salt Security report reveals. "In today's digital economy, APIs are the direct gateway to organizations' most critical data and assets. Built to enable customers and partners, these APIs create risk by also providing a path for attackers to follow. As APIs have grown in volume and functionality, they've made ever more attractive targets for hackers, driving up the number and sophistication of API attacks," said Roey Eliyahu, CEO at Salt Security.

It may be at an early stage, but we can already see that future, as, all over the world, the banking community moves to embrace open banking. Adrian Mountstephens, business development, payments and banking at Equinix, says that in fact the entire digital future of banking is linked to APIs.

IPinfo announced the availability of its Privacy Detection API. This API detects various methods used to mask a user's true IP address, including VPN detection, proxy detection, tor usage, or a connection via a hosting provider, which could potentially be used to tunnel traffic and mask the true IP address. IPinfo performs custom full internet-wide scans to detect almost 10 million active VPNs. This is combined with data on public SOCKS and HTTP proxies, tor exit nodes, and its own IP usage type classification to determine which IP ranges belong to hosting providers.

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. ReCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009.

ReCaptcha is Google's name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. Google recently started charging for larger reCAPTCHA accounts.