Security News

Zombie APIs commonly arise when old and less secure versions of your APIs are left to live another day. For some reason, finding shadow and zombie APIs seems to be a much easier task for bad actors than it is for internal security and risk teams.

The state of bot mitigation 64% of organizations lost more than 6% of their revenue due to bot attacks, and 32% lost 10% or more within the last year. 64% of organizations lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months.

Bots - software applications that are programmed to do certain tasks without human intervention - have already experienced a surge in demand due to the pandemic, and 84% of respondents expect companies to integrate even more bots in the next five years. "When implemented and maintained properly, bots can help employees work more effectively and efficiently by undertaking simple, time-consuming tasks, which also drives cost savings for companies. Staying on the leading edge of the future of work with best-in-class technology, including bots and other automated solutions, can also help keep employees happy in their roles."

Ukrainian police have arrested a hacker who controlled a 100,000 device botnet used to perform DDoS attacks on behalf of paid customers. The threat actor was arrested at his home in Prykarpattia where he was allegedly using the botnet to perform DDoS attacks or to support other malicious activity for his clients.

Cybercriminals are using Telegram bots to steal one-time password tokens and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found. Threat actors are using Telegram bots and channels and a range of tactics to gain account information, including calling victims, and impersonating banks and legitimate services, researchers said.

Bot attack volumes grew 41% year over year with human-initiated attacks falling 29%, according to a report from LexisNexis Risk Solutions. The report confirms earlier trend patterns showing the financial services industry and media businesses bear the brunt of increased automated bot network attacks.

Automated traffic takes up 64% of internet traffic - and whilst just 25% of automated traffic was made up by good bots, such as search engine crawlers and social network bots, 39% of all traffic was from bad bots, a Barracuda report reveals. These bad bots include both basic web scrapers and attack scripts, as well as advanced persistent bots.

Netacea announced results from a report that reveals the high price that businesses pay because of unwanted bot traffic. According to survey respondents, automated bots operated by malicious actors cost businesses an average of 3.6% of their annual revenue.

Microsoft has announced that the Web Application Firewall bot protection feature has reached general availability on Azure Application Gateway starting this week. Azure Web Application Firewall is a cloud-native service designed to protect customers' web applications from bot attacks, common exploits, as well as common web vulnerabilities, including cross-site scripting, SQL injection, broken auth, security misconfigurations, and more.

HUMAN Security announced its newly-named BotGuard and a range of new features to further help enterprise customers defend their website and mobile applications from sophisticated bot attacks and fraud. BotGuard is powered by the Human Verification Engine, which combines technical evidence, machine learning, and continuous adaptation to deliver "Human or not" bot detection decisions with accuracy.