Security News

Twitter Says Bug Leading to API Key Leak Patched
2020-09-28 08:52

Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys. Designed to provide developers using the Twitter platform and APIs with access to documentation, community discussion, and other type of information, the portal also offers app and API key management functionality.

Volterra​ VoltMesh provides distributed networking and security for cloud-native, API-centric apps
2020-09-04 00:30

Volterra​ announced new capabilities for its VoltMesh service to provide globally distributed networking and security for cloud-native, API-centric applications. The Gartner report Ensure Your API Management Solution Supports Modern API Trends Such as Microservices and Multicloud states, "Gartner's 2019 API Strategy and Usage Survey found that 45% of surveyed organizations reported using microservices architecture to build APIs".

GrammaTech Releases Open Source API Security Tool
2020-08-26 15:31

Application security testing company GrammaTech announced on Wednesday that it has released an open source tool designed to detect API usage errors. The tool, named SWAP Detector, was developed as part of a research project sponsored by the U.S. Department of Homeland Security and GrammaTech says it can be highly useful for DevOps application security testing.

Swap Detector: Open source tool for detecting API usage errors
2020-08-26 12:55

GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code. API usage errors are a common source of security and reliability vulnerabilities.

APIs Are the Next Frontier in Cybercrime
2020-08-24 12:00

Most APIs have /API/V1/login as an authentication endpoint. With all the possible activity in view, I can search for common misconfigurations or APIs that don't protect user data correctly.

ThreatConnect integrates its TIP and SOAR platform with Microsoft Graph Security API
2020-08-19 23:30

ThreatConnect announced that it has joined the Microsoft Intelligent Security Association and will integrate Microsoft solutions with the ThreatConnect Threat Intelligence and Security Orchestration Automation and Response Platform using the Microsoft Graph Security API. This integration allows ThreatConnect clients to connect with nearly any piece of Microsoft technology, including Azure Sentinel, O365, and Microsoft Defender ATP, using the Microsoft Graph Security API. The integration allows clients to retrieve alerts, perform data enrichment, gain relevant threat intelligence, and carry out incident response actions. The Microsoft Graph Security API is a single interface that connects to Microsoft security products.

Citrix Web App and API Protection: Security for apps and APIs in the multi-cloud
2020-07-31 00:30

Citrix Web App and API Protection is a new, cloud-delivered service that provides comprehensive security for applications and APIs in multi-cloud environments. "The flexible models for work and multi-cloud application deployment that companies must now support have greatly expanded the attack surface that IT needs to defend," said Mihir Maniar, Vice President of Product Management, Networking, Citrix.

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
2020-07-28 06:24

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.

Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
2020-07-28 06:24

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.

RtBrick extends cloud-native approach to telco networks by offering two new APIs into its software
2020-07-10 00:45

RtBrick has extended its cloud-native approach to telco networks by offering two new APIs into its software. RtBrick is already known for pioneering a radical new approach to carrier networks, by disaggregating MPLS routing systems.