Security News

The new imperative in API security strategy
2023-11-16 04:00

Of the 239 vulnerabilities, 33% were associated with authentication, authorization and access control - foundational pillars of API security, according to Wallarm. Open authentication, single-sign on and JSON Web Token, safeguards for API security, were compromised in reputable tech organizations such as Sentry and WordPress.

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
2023-11-14 11:54

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir said. The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script from a command-and-control server.

Sumo Logic discloses security breach, advises API key resets
2023-11-08 18:31

Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS account was compromised last week.The company detected evidence of the breach on Friday, November 3, after discovering that an attacker used stolen credentials to gain access to a Sumo Logic AWS account.

Cloudflare Dashboard and APIs down after data center power outage
2023-11-02 16:13

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose functionality is wholly or partially impacted includes the Cloudflare dashboard, the Cloudflare API, Logpush, WARP / Zero Trust device posture, Stream API, Workers API, and the Alert Notification System.

Make API Management Less Scary for Your Organization
2023-10-24 10:59

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management...

API Security Trends 2023 – Have Organizations Improved their Security Posture?
2023-10-03 11:52

APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and...

APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
2023-10-02 11:21

Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various...

How to Prevent API Breaches: A Guide to Robust Security
2023-09-11 11:11

The rise of API use has also led to an increase in the number of API breaches. For these reasons, it's essential to implement robust security measures to protect your APIs, and the data traversing them, to prevent breaches from occurring.

Elevating API security to reinforce cyber defense
2023-09-11 03:30

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. Plus, 57% of respondents feel traditional security solutions, including web application firewalls, can't effectively distinguish genuine from fraudulent API activity.

Is the new OWASP API Top 10 helpful to defenders?
2023-08-30 04:30

The OWASP API Security Project leaders had their work cut out when deciding how to group and prioritize the threats. It no longer makes sense to monitor for API attacks and bot attacks separately: bot mitigation has to become part of API security.