Security News

Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
2024-10-24 02:30

Attacks on unprotected servers reach 'critical level' An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl cryptomining malware on victims' systems, according to...

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
2024-10-22 14:00

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the...

The dark side of API security
2024-10-15 04:00

APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori...

30% of customer-facing APIs are completely unprotected
2024-10-09 03:30

70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web pages that are now...

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually
2024-10-07 11:25

Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic...

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
2024-10-01 05:12

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the...

Could APIs be the undoing of AI?
2024-09-30 05:00

Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled...

Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
2024-08-20 20:13

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is...

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
2024-08-19 10:02

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send...

Common API security issues: From exposed secrets to unauthorized access
2024-08-19 03:00

Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. 35% of exposed API keys still active, posing major security risks.