Security News
Organizations of all sizes from a wide range of industries plan to join the API economy this year, and API testing and security were top concerns among survey respondents. Participation in the API economy is a priority across industries: Overall, 58% of executives said participating in the API economy was a top priority for their organization.
Experts have long worried about the security risks associated with the widespread use of APIs, with Gartner writing in a report that by 2022, API abuse will become the most common attack seen by security teams. Salt Security's "The State of API Security - Q1 2021" confirms many of those fears, finding that of the nearly 200 enterprise security officials surveyed, 91% experienced an API security incident last year.
66% of organizations admit to having slowed the rollout of a new application into production because of API security concerns, a Salt Security report reveals. "In today's digital economy, APIs are the direct gateway to organizations' most critical data and assets. Built to enable customers and partners, these APIs create risk by also providing a path for attackers to follow. As APIs have grown in volume and functionality, they've made ever more attractive targets for hackers, driving up the number and sophistication of API attacks," said Roey Eliyahu, CEO at Salt Security.
It may be at an early stage, but we can already see that future, as, all over the world, the banking community moves to embrace open banking. Adrian Mountstephens, business development, payments and banking at Equinix, says that in fact the entire digital future of banking is linked to APIs.
IPinfo announced the availability of its Privacy Detection API. This API detects various methods used to mask a user's true IP address, including VPNs, proxies, Tor usage, or a connection via a hosting provider, which could potentially be used to tunnel traffic and mask the true IP address. IPinfo performs custom full internet-wide scans to detect almost 10 million active VPNs. This is combined with data on public SOCKS and HTTP proxies, Tor exit nodes, and its own IP usage type classification to determine which IP ranges belong to hosting providers.
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. ReCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009.
ReCAPTCHA is Google's name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. Google recently started charging for larger reCAPTCHA accounts.
When organizations use APIs - the next frontier in cybercrime - to engage with third parties, it's crucial they understand the associated security exposure they're introducing. At the same time, they're offloading this data to a potentially unsecured third party.
The new nOps API integration provides a seamless experience for AWS Partners to execute these AWS Well-Architected Framework Reviews. With the new integration, nOps partners can easily share information created by nOps during an AWS Well-Architected Framework Review with the AWS Well-Architected Tool for AWS program reporting requirements.
A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The .NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.