Security News

API security in 2024: Predictions and trends
2023-12-29 05:00

In 2024, we anticipate several key trends and predictions that will shape the landscape of API security. The API security market is currently in its early days, but as API security climbs the business agenda, we expect to see significant innovation in this space.

Google Adds Gemini Pro API to AI Studio and Vertex AI
2023-12-13 15:58

Starting Dec. 13, developers can use Google AI Studio and Vertex AI to build applications with the Gemini Pro API, which allows access to Google's new generative AI model. Google's initial rollout of Gemini was limited to Google Bard and the Pixel 8 Pro, so Wednesday's general availability of Gemini for Google AI Studio and Vertex AI marks the first test of Gemini for enterprise developers.

How AI is revolutionizing “shift left” testing in API security
2023-12-05 05:30

Automated API security testing predominantly uses tools from two application security methodologies: static application security testing and dynamic application security testing. API security testing is increasingly being integrated into the API security offering, translating into much more efficient processes, such as automatically associating appropriate APIs with suitable test cases.

Exposed Hugging Face API tokens offered full access to Meta's Llama 2
2023-12-04 14:00

The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks. Researchers at Lasso Security found more than 1,500 exposed API tokens on the open source data science and machine learning platform - which allowed them to gain access to 723 organizations' accounts.

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs
2023-12-01 18:52

Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.According to the Hunters team, the vulnerability is based on Google Workspace's role in managing user identities across Google Cloud services.

The new imperative in API security strategy
2023-11-16 04:00

Of the 239 vulnerabilities, 33% were associated with authentication, authorization and access control - foundational pillars of API security, according to Wallarm. Open authentication, single-sign on and JSON Web Token, safeguards for API security, were compromised in reputable tech organizations such as Sentry and WordPress.

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
2023-11-14 11:54

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir said. The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script from a command-and-control server.

Sumo Logic discloses security breach, advises API key resets
2023-11-08 18:31

Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS account was compromised last week.The company detected evidence of the breach on Friday, November 3, after discovering that an attacker used stolen credentials to gain access to a Sumo Logic AWS account.

Cloudflare Dashboard and APIs down after data center power outage
2023-11-02 16:13

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces customers use to manage and read service configurations. The complete list of services whose functionality is wholly or partially impacted includes the Cloudflare dashboard, the Cloudflare API, Logpush, WARP / Zero Trust device posture, Stream API, Workers API, and the Alert Notification System.

Make API Management Less Scary for Your Organization
2023-10-24 10:59

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management...