Security News
Zyxel Networks announced the release of the latest update to its Nebula Cloud Networking Solution. The upgrade, which is available now as a free firmware release for Zyxel Nebula managed access points, switches and security gateways, incorporates key features that enhance WiFi security and enable vertical partners to incorporate the delivery of new value-add services.
Cequence Security announced the general availability of Cequence API Sentinel, a runtime API security solution that delivers continuous run-time API visibility, shadow API discovery, risk analysis, and conformance assessment. "The addition of API Sentinel to the Cequence Application Security Platform extends our API protection beyond automated bot attacks and API abuse to include discovery of API risks introduced by shadow publication, coding or non-conformance errors," said Ameya Talwalkar, co-founder and chief product officer of Cequence Security.
API security startup Salt Security has raised $20 million in a Series A funding round led by Tenaya Capital. "The majority of API traffic is for custom applications, which is the result of digital transformations and cloud-based application deployment. For security teams, growth in API volume is important when considering risk, because some security tools are not equipped to manage API traffic."
ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided hotfixes. The vulnerability affects on-premise and cloud instances of ConnectWise Automate versions 2020.5 and earlier.
API Fortress announces Bloodhound, a lightweight API debugging gateway that is free to download and open source. Bloodhound allows teams to route API calls to any logger for comprehensive analysis to uncover solutions to difficult bugs, or test an API in ways not possible before.
The many benefits that APIs bring to the software and application development communities - namely, that they are well documented, publicly available, standard, ubiquitous, efficient, and easy to use - are now being leveraged by bad actors to execute high profile attacks against public-facing applications. The security conundrum for APIs is that whereas most practitioners would recommend design decisions that make resources more hidden and less available, successful deployment of APIs demands willingness to focus on making resources open and available.
AcceleratXR announced the launch of its new open source project - Composer.js, a framework and toolset for rapidly building back-end API services using NodeJS. The project is a fork of the internal tools and technology the company has steadily used over the last two years to build its innovative MMO gaming platform.
The resulting application components and microservices work together to deliver the same functionality as the monolithic applications. The Open Web Application Security Project Foundation was created to improve the security of software through community-led software initiatives, local chapter work led by members, and many different conferences.
"In particular, the page can know which section of text was found using find-in-page, fragment navigation, and scroll-to-text navigation," the documentation says, adding that developers could also glean information about what the user navigated to - via scroll-to-text navigation, or typed into a find-in-page search box - based on which section of the page receives an event. The privacy risk of beforematch is not that of key logging - recording exactly what a web page user typed into a search dialog.
"In particular, the page can know which section of text was found using find-in-page, fragment navigation, and scroll-to-text navigation," the documentation says, adding that developers could also glean information about what the user navigated to - via scroll-to-text navigation, or typed into a find-in-page search box - based on which section of the page receives an event. The privacy risk of beforematch is not that of key logging - recording exactly what a web page user typed into a search dialog.