Security News

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs and Isolation Segment caused by credentials being logged and exposed via system audit logs. Tracked as CVE-2023-20891, the security flaw addressed today by VMware would allow remote attackers with low privileges to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks that don't require user interaction.

The 2023 SANS Survey on API Security found that the top risk is phishing attacks. The 2023 global survey, which polled 231 application security professionals, found that fewer than 50% of respondents have API security testing tools in place and only 29% have API discovery tools.

The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected...

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface keys of all customers affected by this event, aiming to protect their valuable data.

As more companies recognize APIs as the building blocks of modern software, API tools and services are evolving to meet their needs, according to Postman. "More companies are adopting an API-first approach to software development, and for the second year in a row, outperforming organizations that haven't. Beyond the technical advantages, organizations are also seeing a direct impact on their bottom line, reporting their APIs as revenue generators. This outlook, combined with the rising use of AI tools, is fundamentally changing our relationship to software and the way we build it - and APIs are at the center of this shift," said Abhinav Asthana, CEO of Postman.

As a precaution, the company has invalidated existing admin API keys to protect its customer organizations. The reader in question is among JumpCloud customers who received an email today from the firm stating that existing admin API keys had been invalidated while JumpCloud investigates an "ongoing incident."

How? APIs, of course! Calls to APIs (more formally, application programming interfaces) are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to Cloudflare. According to the "Quantifying the Cost of API Insecurity" report, US businesses incurred upwards of $23 billion in losses from API-related breaches in 2022.

A robust API security posture is essential to protect your organization from potential threats. API posture management is the process of continuously monitoring and managing the security posture of your APIs.

Honda's e-commerce platform for power equipment, marine, and lawn & garden products was vulnerable to unauthorized access by anyone, due to API flaws that allowed the password of any account to be reset. In Honda's case, Eaton Works exploited a password reset API to reset the passwords of high-value accounts and then gained unrestricted admin-level access to data on the firm's network.

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls.