Security News

A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. The.NET version of Bouncy Castle alone has been downloaded over 16,000,000 times, speaking to the seriousness of vulnerabilities in Bouncy Castle, a library relied on by developers of mission-critical applications.

API security platform provider Salt Security announced on Tuesday that it has raised $30 million in Series B funding led by Sequoia Capital, with participation from existing investors Tenaya Capital, S Capital VC, and Y Combinator. Founded in 2016 by Michael Nicosia, and Roey Eliyahu, Salt Security has developed an API Protection Platform that uses big data and artificial intelligence to find and monitor APIs.

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies.

CynergisTek announced the launch of their API Sentry service, developed specifically for healthcare organizations to manage the risks associated with the use of APIs within their environment. Organizations have rapidly adopted APIs to accelerate the secure exchange of electronic health records, and market research has linked the uptick of API use in healthcare to growing use of apps and wearables prescribed by medical providers and remote patient monitoring.

Palo Alto Networks security researchers identified more than 20 Amazon Web Services APIs that can be abused to obtain information such as Identity and Access Management users and roles. The same attack could be leveraged to abuse 22 APIs across 16 different AWS services to obtain the roster of an account, get a glimpse into an organization's internal structure, and leverage the information to launch targeted attacks against specific individuals.

McAfee announced the launch of MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISION platform that will allow customers to quickly and easily integrate McAfee and trusted Security Innovation Alliance partner applications as well as privately developed applications within their current security environment. The newly launched open API framework enables organizations to respond faster to threats while reducing total cost of operations by automating MVISION Platform capabilities and integrating with their IT and security operations.

Kasada, provider of the only online traffic integrity solution that accurately detects and defends against bot attacks, announced the introduction of Kasada API, which protects an organization's web and mobile APIs from automated botnet attacks and targeted fraud. "By delivering Kasada API, we are providing our customers with a holistic line of defense that not only mitigates current attacks but also deters future ones."

You've probably run into a major problem when trying to scrape Google search results. This article examines how to overcome Google web scraping issues without changing proxy servers.

CloudVector announced the availability of CloudVector Enterprise Edition, which enhances its pioneering API discovery capability with AI-enabled monitoring and security functionality. Key features of CloudVector Enterprise Edition AI-enabled approach to API protection - CloudVector applies machine learning and deep learning to automate the continuous discovery of all APIs, monitoring of anomalies, and security enforcement.

Ubiq Security announced the launch of its API-based encryption platform for developers. Ubiq has eliminated the traditional complexities of encryption, allowing developers and information security teams - even those without encryption or cryptography expertise - to integrate data encryption directly into applications in minutes, with nothing more than a few lines of code and two API calls.