Security News

ThreatConnect announced that it has joined the Microsoft Intelligent Security Association and will integrate Microsoft solutions with the ThreatConnect Threat Intelligence and Security Orchestration Automation and Response Platform using the Microsoft Graph Security API. This integration allows ThreatConnect clients to connect with nearly any piece of Microsoft technology, including Azure Sentinel, O365, and Microsoft Defender ATP, using the Microsoft Graph Security API. The integration allows clients to retrieve alerts, perform data enrichment, gain relevant threat intelligence, and carry out incident response actions. The Microsoft Graph Security API is a single interface that connects to Microsoft security products.

Citrix Web App and API Protection is a new, cloud-delivered service that provides comprehensive security for applications and APIs in multi-cloud environments. "The flexible models for work and multi-cloud application deployment that companies must now support have greatly expanded the attack surface that IT needs to defend," said Mihir Maniar, Vice President of Product Management, Networking, Citrix.

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.

Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.

RtBrick has extended its cloud-native approach to telco networks by offering two new APIs into its software. RtBrick is already known for pioneering a radical new approach to carrier networks, by disaggregating MPLS routing systems.

Zyxel Networks announced the release of the latest update to its Nebula Cloud Networking Solution. The upgrade, which is available now as a free firmware release for Zyxel Nebula managed access points, switches and security gateways, incorporates key features that enhance WiFi security and enable vertical partners to incorporate the delivery of new value-add services.

Cequence Security announced the general availability of Cequence API Sentinel, a runtime API security solution that delivers continuous run-time API visibility, shadow API discovery, risk analysis, and conformance assessment. "The addition of API Sentinel to the Cequence Application Security Platform extends our API protection beyond automated bot attacks and API abuse to include discovery of API risks introduced by shadow publication, coding or non-conformance errors," said Ameya Talwalkar, co-founder and chief product officer of Cequence Security.

API security startup Salt Security has raised $20 million in a Series A funding round led by Tenaya Capital. "The majority of API traffic is for custom applications, which is the result of digital transformations and cloud-based application deployment. For security teams, growth in API volume is important when considering risk, because some security tools are not equipped to manage API traffic."

ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes. The vulnerability affects on-premise and cloud instances of ConnectWise Automate versions 2020.5 and earlier.

API Fortress announces Bloodhound, a lightweight API debugging gateway that is free to download and open source. Bloodhound allows teams to route API calls to any logger for comprehensive analysis to uncover solutions to difficult bugs, or test an API in ways not possible before.