Security News
A new "Comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
WAF is not enough: developing a contextual framework for smart mobility API security#. Smart mobility services have always been monitoring and securing API transactions to avoid revenue loss due to fraud, service downtime, and compromising organizational or users private data.
Veeam Backup & Replication admins, get patching!Veeam Software has patched CVE-2023-27532, a high-severity security hole in its widely-used Veeam Backup & Replication solution, and is urging customer to implement the fix as soon as possible. Fortinet plugs critical RCE hole in FortiOS, FortiProxyFortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy.
After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. In 2022 there was a significant increase in API-related CVEs, growing +78% from H1 to H2. Although growth has stabilized over the past two quarters, the research team expects an increase in 2023.
Twitter users are experiencing issues worldwide when trying to log in or log out and when attempting to share their tweets, click links, embed tweets, and see images. Thousands of Twitter users have already reported having issues with the Twitter website, the app, and when trying to connect to Twitter servers, according to DownDetector.
With that said, application security and API security are two critical components of a comprehensive security strategy. To be clear, API Security is different enough from 'traditional' Application Security that it requires specific consideration.
Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL. While the transition makes sense - GraphQL is more flexible, scalable, and easier for developers to use - attackers are also seeing new opportunities for mischief. Those finding themselves within the developer led GraphQL movement must understand the current threats facing them and recognize that GraphQL increases their own security responsibilities.
If an organization relies on automation and tools to highlight API security issues, it is still up to a trained developer to manage API behavior. Since there is no standard for managing APIs, organizations must rely on more than tools to solve their security challenges.
During the first half of 2022, we saw the emergence of the first trinity attack that used three TTPs from the OWASP list. While our tracking revealed these attacks only represented a small proportion of the attacks monitored - 100 million - the rate of trinity attacks was consistent throughout the year, indicating that it must be paying off as a technique.
Researchers recently surveyed over 400 security and engineering professionals to learn about their API secrets management practices and the challenges they face in thwarting API attacks. "Security and engineering teams are forced to divert their attention away from forward-facing engineering to focus on secrets management, yet their organizations remain vulnerable to attackers both through lateral attacks and leaked or compromised API secrets to gain illegitimate access to sensitive data," said Jared Elder, CGO at Corsha.