Security News

Understanding how attackers exploit APIs is more important than ever
2023-08-22 03:30

In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings - which didn't require sophisticated security to prevent. The number of APIs is increasing year on year as more organizations are building APIs to facilitate automation.

How to handle API sprawl and the security threat it poses
2023-08-11 05:30

API security isn't solely the responsibility of IT security professionals. Your API gateways, WAFs, and other security technologies and infrastructure should work with the API contract to provide seamless CI/CD integration and automation across the software and API lifecycle.

Browser developers push back on Google's “web DRM” WEI API
2023-07-29 14:11

Google's plans to introduce the Web Environment Integrity API on Chrome has been met with fierce backlash from internet software developers, drawing criticism for limiting user freedom and undermining the core principles of the open web. Google says this is not a privacy risk as it does not enable cross-site user tracking and won't interfere with browser or plugins/extensions functionality.

Apple says new App Store API rules will limit user fingerprinting
2023-07-28 20:26

According to the company, this change to the App Store API rules ensures developers don't abuse APIs for user fingerprinting. Developers must choose one or more approved reasons that accurately align with their app's API usage.

ALPHV ransomware adds data leak API in new extortion strategy
2023-07-26 06:34

The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their...

VMware fixes bug exposing CF API admin credentials in audit logs
2023-07-25 15:45

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment caused by credentials being logged and exposed via system audit logs. Tracked as CVE-2023-20891, the security flaw addressed today by Vmware would allow remote attackers with low privileges to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks that don't require user interaction.

Akamai Survey: API-Specific Controls are Lacking
2023-07-20 17:23

The 2023 SANS Survey on API Security found that the top risk is phishing attacks. The 2023 global survey, which polled 231 application security professionals, found that fewer than 50% of respondents have API security testing tools in place and only 29% have API discovery tools.

Cisco SD-WAN vManage impacted by unauthenticated REST API access
2023-07-13 21:53

The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected...

JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident
2023-07-07 06:17

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface keys of all customers affected by this event, aiming to protect their valuable data.

API tools and services are fueling revenue growth
2023-07-07 03:30

As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs, according to Postman. "More companies are adopting an API-first approach to software development, and for the second year in a row, outperforming organizations that haven't. Beyond the technical advantages, organizations are also seeing a direct impact on their bottom line, reporting their APIs as revenue generators. This outlook, combined with the rising use of AI tools, is fundamentally changing our relationship to software and the way we build it - and APIs are at the center of this shift," said Abhinav Asthana, CEO of Postman.