Security News

Third-Party APIs: How to Prevent Enumeration Attacks
2020-12-23 17:11

When organizations use APIs - the next frontier in cybercrime - to engage with third parties, it's crucial they understand the associated security exposure they're introducing. At the same time, they're offloading this data to a potential unsecured third party.

nOps brings API integration with AWS Well-Architected Tool to support AWS Well-Architected Reviews
2020-12-18 01:30

The new nOps API integration provides a seamless experience for AWS Partners to execute these AWS Well-Architected Framework Reviews. With the new integration, nOps partners can easily share information created by nOps during an AWS Well-Architected Framework Review with the AWS Well-Architected Tool for AWS program reporting requirements.

Bouncy Castle fixes crypto API authentication bypass flaw
2020-12-17 15:26

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

Bouncy Castle fixes cryptography API authentication bypass flaw
2020-12-17 15:26

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

API Security Firm Salt Security Raises $30 Million in Series B Funding
2020-12-08 18:11

API security platform provider Salt Security announced on Tuesday that it has raised $30 million in Series B funding led by Sequoia Capital, with participation from existing investors Tenaya Capital, S Capital VC, and Y Combinator. Founded in 2016 by Michael Nicosia, and Roey Eliyahu, Salt Security has developed an API Protection Platform that uses big data and artificial intelligence to find and monitor APIs.

Spamhaus Intelligence API: Free threat intelligence data for security developers
2020-12-03 03:00

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies.

CynergisTek API Sentry: Helping healthcare organizations manage API-related risks
2020-11-23 02:00

CynergisTek announced the launch of their API Sentry service, developed specifically for healthcare organizations to manage the risks associated with the use of APIs within their environment. Organizations have rapidly adopted APIs to accelerate the secure exchange of electronic health records, and market research has linked the uptick of API use in healthcare to growing use of apps and wearables prescribed by medical providers and remote patient monitoring.

Researchers Find Tens of AWS APIs Leaking Sensitive Data
2020-11-18 19:15

Palo Alto Networks security researchers identified more than 20 Amazon Web Services APIs that can be abused to obtain information such as Identity and Access Management users and roles. The same attack could be leveraged to abuse 22 APIs across 16 different AWS services to obtain the roster of an account, get a glimpse into an organization's internal structure, and leverage the information to launch targeted attacks against specific individuals.

McAfee’s open API framework enables orgs to respond faster to threats while reducing cost
2020-11-16 03:00

McAfee announced the launch of MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISION platform that will allow customers to quickly and easily integrate McAfee and trusted Security Innovation Alliance partner applications as well as privately developed applications within their current security environment. The newly launched open API framework enables organizations to respond faster to threats while reducing total cost of operations by automating MVISION Platform capabilities and integrating with their IT and security operations.

New Kasada API protects from botnet attacks and targeted fraud
2020-11-11 02:30

Kasada, provider of the only online traffic integrity solution that accurately detects and defends against bot attacks, announced the introduction of Kasada API, which protects an organization's web and mobile APIs from automated botnet attacks and targeted fraud. "By delivering Kasada API, we are providing our customers with a holistic line of defense that not only mitigates current attacks but also deters future ones."