Security News

With a focus on the security of web app firewalls, pen tests target application programming interfaces, servers and any leaky point of entry. Security firm Pentera's second annual report on pen testing deployment in the U.S. and Europe found that 92% of organizations are lifting their overall IT security budgets.

With that said, application security and API security are two critical components of a comprehensive security strategy. To be clear, API Security is different enough from 'traditional' Application Security that it requires specific consideration.

While these SaaS-to-SaaS connections provide enhanced features that boost workflow efficiency, they also give permission for apps to read, update, create, delete, or otherwise engage with corporate and personal data. In its report, Adaptive Shield identifies how many SaaS apps are being connected to the core SaaS stack, specifically Microsoft 365 and Google Workspace and business-critical apps such as Salesforce and Slack, the types of permissions being granted to these applications, and the risk level these apps present.

SCSW The vast majority of off-the-shelf software is composed of imported components, whether that's open source libraries or proprietary code. "Attackers have realized this, and that it's easy to hide in and attack all those gaps, those third-party components as they get transferred around and reused by other vendors," Dan Lorenc, CEO and co-founder of security specialists Chainguard, told The Register.

Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded. Microsoft late last month urged Exchange server users to make sure their systems are up-to-date with the latest Cumulative and Security updates and hardened against cyberattacks.

Google said it's working with ecosystem partners to harden the security of firmware that interacts with Android. While the Android operating system runs on what's called the application processor, it's just one of the many processors of a system-on-chip that cater to various tasks like cellular communications and multimedia processing.

Google last year paid its highest bug bounty ever through the Vulnerability Reward Program for a critical exploit chain report that the company valued at $605,000. In total, Google spent over $12 million for more than 2,900 vulnerabilities in its products discovered and reported by security researchers.

Enterprises looking to modernize their APIs are increasingly switching from the REST architecture to the open-source data query and manipulation language GraphQL. While the transition makes sense - GraphQL is more flexible, scalable, and easier for developers to use - attackers are also seeing new opportunities for mischief. Those finding themselves within the developer led GraphQL movement must understand the current threats facing them and recognize that GraphQL increases their own security responsibilities.

Google has started working to harden the security of Android at the firmware level, a component of the software stack that interacts directly with the various processors of a system on a chip. The plan is to expand the security in Android devices beyond the operating system, which runs on a multi-core CPU, to the other processors on the SoC for dedicated tasks like cellular communication, media processing, or security modules.

To address these challenges, organizations are turning to predictive analytics and Machine Learning driven network security solutions as essential tools for securing their networks against cyber threats and the unknown bad. ML-driven network security solutions in cybersecurity refer to the use of self-learning algorithms and other predictive technologies to automate various aspects of threat detection. In summary, the mentioned drawbacks of rule-based security solutions highlight the significance of taking a more holistic approach to network security, which should nowadays include ML-powered Network Detection and Response solutions to complement traditional detection capabilities and preventive security measures.