Security News

Managing the hidden risks of shadow APIs
2024-02-02 03:00

Key ways to manage shadow APIs entail API documentation and inventory, API discovery, API validation, and comprehensive visibility into the security of API endpoints. This requires a solid process for publishing APIs with proper documentation, which records how the API behaves and how it interacts with other APIs.

Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign
2024-02-01 13:36

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using...

Trello API abused to link email addresses to 15 million accounts
2024-01-23 21:31

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. In a conversation with emo, BleepingComputer learned that a publicly exposed API was used to associate email addresses with public Trello profiles.

Insurance website's buggy API leaked Office 365 password and a giant email trove
2024-01-18 01:58

Toyota Tsusho Insurance Broker India, an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found. Zveare then examined the calculator web page on the TTIBI website and saw that it included a client-side function that created a request to send email using a server-side API. "This caught my eye because this was a client-side email sending mechanism," he wrote in a post describing his findings.

Have I Been Pwned adds 71 million emails from Naz.API stolen account list
2024-01-17 22:06

Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. The Naz.API dataset is a massive collection of 1 billion credentials compiled using credential stuffing lists and data stolen by information-stealing malware.

APIs are increasingly becoming attractive targets
2024-01-11 04:00

APIs power the digital world: our phones, smartwatches, banking systems and shopping sites all rely on APIs to communicate. The seamless integrations that APIs allow for have driven organizations across industries to increasingly leverage them, some more quickly than others.

Google: Malware abusing API is standard token theft, not an API issue
2024-01-06 16:40

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. Last week, cybersecurity firm CloudSEK revealed that these information-stealing malware operations are abusing a Google OAuth "MultiLogin" API endpoint to generate new, working authentication cookies when a victim's original stolen Google cookies expire.

Cybersecurity challenges emerge in the wake of API expansion
2024-01-03 06:00

As the technological landscape increasingly integrates AI, Cindric anticipates a profound impact on the evolution of APIs, emphasizing the growing importance of API security, authentication, and the challenges posed by zombie endpoints. APIs have been growing at a CAGR of 25% for the past few years, but that growth doubled in 2023, all thanks to AI. We predict that AI-based APIs will continue to drive API growth in 2024 as they go hand in hand.

API security in 2024: Predictions and trends
2023-12-29 05:00

In 2024, we anticipate several key trends and predictions that will shape the landscape of API security. The API security market is currently in its early days, but as API security climbs the business agenda, we expect to see significant innovation in this space.

Google Adds Gemini Pro API to AI Studio and Vertex AI
2023-12-13 15:58

Starting Dec. 13, developers can use Google AI Studio and Vertex AI to build applications with the Gemini Pro API, which allows access to Google's new generative AI model. Google's initial rollout of Gemini was limited to Google Bard and the Pixel 8 Pro, so Wednesday's general availability of Gemini for Google AI Studio and Vertex AI marks the first test of Gemini for enterprise developers.