Security News

The many benefits that APIs bring to the software and application development communities - namely, that they are well documented, publicly available, standard, ubiquitous, efficient, and easy to use - are now being leveraged by bad actors to execute high profile attacks against public-facing applications. The security conundrum for APIs is that whereas most practitioners would recommend design decisions that make resources more hidden and less available, successful deployment of APIs demands willingness to focus on making resources open and available.

Druva announced the launch of an API integration with FireEye extending visibility and control over endpoint backup data to monitor, analyze, detect and respond to data breaches from ransomware, data theft, and insider attacks. Joint customers of Druva and the FireEye Helix platform can now dramatically reduce incident response times, minimize downtime, and accelerate recovery from protected backup data.

Cyemptive Technologies, a provider of preemptive cybersecurity products and technology and winner of the Department of Homeland Security's national competition for most innovative border security-related solution in the market, unveiled Version 2 of Cyemptive Enterprise Scanner. It is a substantial improvement to the world's first scanning technology that preemptively scans for infected files such as ransomware, malware, and other cyberthreats before they infect a system, as compared to other existing scanning technology that detects files only after the infection has commenced.

By Light Professional IT Services and the intelligence-led security company, FireEye announced the integration of Mandiant Threat Intelligence within By Light's Cyberoperations Enhanced Network and Training Simulators. As today's cyberspace landscape features an increasing number of well-funded, highly organized, and complex adversaries, the use of real-world threat intelligence in training and exercises has become crucial to defending effectively against cyberspace attacks.

Application threats and security trends you need to know aboutApplications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets. C-suite execs often pressure IT teams to make security exceptions for themThe C-suite is the most likely group within an organization to ask for relaxed mobile security protocols - despite also being highly targeted by malicious cyberattacks, according to MobileIron.

Sixgill announced that users of Splunk, the Data-for-Everything platform, will have access to Sixgill's Darkfeed, the company's automated stream of indicators of compromise. By leveraging Darkfeed in Splunk's analytics-driven SIEM, enterprises gain contextual and actionable insights in real-time to enhance security and proactively protect against threats.

Allot, a leading global provider of innovative network intelligence and security-as-a-service solutions for communication service providers and enterprises, launched Allot BusinessSecure, a new solution that CSPs can offer their SMB and Enterprise customers to protect them from emerging cybersecurity threats, including malware, phishing, ransomware and crypto-mining, while increasing revenue. Allot BusinessSecure is the newest member of the Allot Secure family of unified cybersecurity solutions, the world's leading network-based security as a service solution, used by over 23 million consumer and business subscribers.

Since modern applications aren't a monolithic whole but consist of many separate components "Glued together" over networks, attackers have at their disposal many "Doors" through which they can attempt access to the data. "Access tier attacks are any that seek to circumvent the legitimate processes of authentication and authorization that we use to control who gets to use an application, and how they can use it. The result of this kind of attack is a malicious actor gaining entry to a system while impersonating a legitimate user. They then use the legitimate user's authorization to accomplish a malicious goal- usually data exfiltration," the analysts explained.

Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.

Appdome, a no-code mobile integration and solutions platform, announced that it has joined the Microsoft Intelligent Security Association, an ecosystem of independent software vendors that have integrated their solutions to better defend against a world of increasing threats. Finally, as part of the Appdome build, organizations can choose to add features from the Appdome Mobile Security Suite, such as App hardening, Man-in-the-Middle protection, and native and non-native code obfuscation to their built apps.