Security News
In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Use shift left tools to catch authentication and authorization issues early in the development process, ensuring that security is a foundational aspect of your API. What metrics or indicators should organizations focus on to detect and respond to API security threats?
Web applications and APIs allow ecommerce sites to accept payments, healthcare systems to securely share patient data, and power activities we do on our phones. "Web applications are rarely built with security in mind. Yet, we use them daily for all sorts of critical functions, making them a rich target for hackers," said Matthew Prince, CEO at Cloudflare.
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. In late June, a threat actor named ShinyHunters leaked a CSV text file containing what they claim are 33 million phone numbers registered with the Authy service.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docket API endpoints with the aim of delivering cryptocurrency miners and other payloads. Included...
Data maturity poses a bigger AI implementation challenge. At the data layer, data maturity is a more immediate and potentially bigger challenge impacting the widespread implementation of AI. 72% of study respondents cite data quality and an inability to scale data practices as the top hurdles to scaling AI, and 53% cite the lack of AI and data skillsets as a major impediment.
The huge growth in modern apps and their microservices has created an exponential rise in the number of APIs. Companies with over $10 billion in annual revenue claimed they manage more than 1,000 apps and nearly 1,400 APIs, on average.
Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. The attackers could've used this access to exploit any of the millions of Cox devices accessible through the vulnerable Cox APIs, overwriting configuration settings and executing commands on the device.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. Yesterday, BleepingComputer reported that Dell had begun to send notifications warning customers that their personal data was stolen in a data breach.