Security News

66% of organizations admit to having slowed the rollout of a new application into production because of API security concerns, a Salt Security report reveals. "In today's digital economy, APIs are the direct gateway to organizations' most critical data and assets. Built to enable customers and partners, these APIs create risk by also providing a path for attackers to follow. As APIs have grown in volume and functionality, they've made ever more attractive targets for hackers, driving up the number and sophistication of API attacks," said Roey Eliyahu, CEO at Salt Security.

It may be at an early stage, but we can already see that future, as, all over the world, the banking community moves to embrace open banking. Adrian Mountstephens, business development, payments and banking at Equinix, says that in fact the entire digital future of banking is linked to APIs.

IPinfo announced the availability of its Privacy Detection API. This API detects various methods used to mask a user's true IP address, including VPN detection, proxy detection, tor usage, or a connection via a hosting provider, which could potentially be used to tunnel traffic and mask the true IP address. IPinfo performs custom full internet-wide scans to detect almost 10 million active VPNs. This is combined with data on public SOCKS and HTTP proxies, tor exit nodes, and its own IP usage type classification to determine which IP ranges belong to hosting providers.

A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. ReCAPTCHA is a popular version of the CAPTCHA technology that was acquired by Google in 2009.

ReCaptcha is Google's name for its own technology and free service that uses image, audio or text challenges to verify that a human is signing into an account. Google recently started charging for larger reCAPTCHA accounts.

When organizations use APIs - the next frontier in cybercrime - to engage with third parties, it's crucial they understand the associated security exposure they're introducing. At the same time, they're offloading this data to a potential unsecured third party.

The new nOps API integration provides a seamless experience for AWS Partners to execute these AWS Well-Architected Framework Reviews. With the new integration, nOps partners can easily share information created by nOps during an AWS Well-Architected Framework Review with the AWS Well-Architected Tool for AWS program reporting requirements.

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

API security platform provider Salt Security announced on Tuesday that it has raised $30 million in Series B funding led by Sequoia Capital, with participation from existing investors Tenaya Capital, S Capital VC, and Y Combinator. Founded in 2016 by Michael Nicosia, and Roey Eliyahu, Salt Security has developed an API Protection Platform that uses big data and artificial intelligence to find and monitor APIs.