Tag: api
-
Security vulnerability: Unprotected API exposes sensitive data of German prison inmates
in SecurityNews
Because of the vulnerability, anyone could see which inmate had phoned their lawyer or therapist, and when. Affected… First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-ungeschuetzte-api-liefert-sensible-daten-deutscher-haeftlinge-2406-186483.html
-
Hackers abused API to verify millions of Authy MFA phone numbers
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
-
Organizations use outdated approaches to secure APIs
in SecurityNews
Security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications, the technology that underpins all… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/04/modern-applications-risks/
-
Hackers Abused Twilio API To Verify Phone Numbers used For MFA
in SecurityNews
An unauthenticated endpoint vulnerability allowed threat actors to identify phone numbers associated with Authy accounts, which was identified, and th… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploit-twilio-api-mfa/
-
Why API Discovery is Important for Financial Companies
in SecurityNews
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/why-api-discovery-is-important-for-financial-companies/
-
Twilio’s Authy Breach: The Attack via an Unsecured API Endpoint
in SecurityNews
A recap of Twilio’s Authy app breach, which exposed 33 million phone numbers. Including the impacts, lessons learnt and recommendations to enhance you… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/twilios-authy-breach-the-attack-via-an-unsecured-api-endpoint/
-
Understanding API Key Verification
in SecurityNews
Tags: api
As organizations look to improve their API security, two distinct approaches to API key verification have emerged, centralized and decentralized verif… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/understanding-api-key-verification/
-
Breach Debrief Series: Twilio’s Authy Breach is a MFA Wakeup Call
Inside the Hack Earlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/breach-debrief-series-twilios-authy-breach-is-a-mfa-wakeup-call/
-
Authy: Hackers harvest millions of phone numbers via an unsecured API
in SecurityNews
After criminals leaked a CSV file containing the phone numbers of allegedly 33 million Authy users, there is a risk of SMS phishing attacks, among other things… First seen on heise.de Jump to article: www.heise.de/news/MFA-App-Authy-Unzaehlige-Telefonnummern-ueber-ungesicherte-API-abgegriffen-9789229.html
-
MFA app Authy: Countless phone numbers harvested via unsecured API
in SecurityNews
After criminals leaked a CSV file containing the phone numbers of allegedly 33 million Authy users, there is a risk of SMS phishing attacks, among other things… First seen on heise.de Jump to article: www.heise.de/news/MFA-App-Authy-Unzaehlige-Telefonnummern-ueber-ungesicherte-API-abgegriffen-9789229.html
-
Weaponizing API discovery metadata
in SecurityNews
Tags: api
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/weaponizing-api-discovery-metadata/
-
An Analysis of Kuppinger Cole’s Selection Criteria for API Management and Security
in SecurityNews
Tags: api
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/an-analysis-of-kuppinger-coles-selection-criteria-for-api-management-and-security/
-
Vulnerability in prison telephone system exposes sensitive data
in SecurityNews
Security researcher Lilith Wittmann has disclosed a serious vulnerability in the API of a prison telephone system. Through the API… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/27/sicherheitslcke-in-gefngnis-telefonanlage-legt-sensible-daten-offen/
-
What is Crowdsourced Penetration Testing: Benefits, Risks, Comparisons
in SecurityNews
Organisations of all sizes rely heavily on new technology such as cloud, mobile, web applications, and APIs, making them prime targets for cyberattack… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/what-is-crowdsourced-penetration-testing-benefitsriskscomparisons/
-
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining
in SecurityNews
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocu… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/new-malware-targets-exposed-docker-apis.html
-
6 Tips for Preventing DDoS Attacks Using Rate Limits
in SecurityNews
Rate limiting is a well-known technique for limiting network traffic to web servers, APIs, or other online services. It is also one of the methods ava… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/6-tips-for-preventing-ddos-attacks-using-rate-limits/
-
Salt Security Survey Reveals 95% of Respondents Experienced API Security Problems in Past Year
in SecurityNews
Tags: api
API security professionals at Salt Security have revealed the findings of their latest Salt Labs State of API Security Report, 2024. The research, whi… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/06/18/salt-security-survey-reveals-95-of-respondents-experienced-api-security-problems-in-past-year
-
Developer errors lead to long-term exposure of sensitive data in Git repos
in SecurityNews
Credentials, API tokens, and passkeys (collectively referred to as secrets) from organizations around the globe were exposed for years, according to Aqu… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/26/git-exposed-secrets/
-
Coding Error In Forgotten API Blamed For Massive Data Breach
in SecurityNews
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36018/Coding-Error-In-Forgotten-API-Blamed-For-Massive-Data-Breach.html
-
How to build a Copilot for Security API Plugin Part 1
in SecurityNews
Tags: api
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/how-to-build-a-copilot-for-security-api-plugin-part-1/
-
Chrome for Android tests feature that securely verifies your ID with sites
in SecurityNews
Google is testing a new feature called Digital Credential API for Chrome on Android that will allow websites to request identity information from mobi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites/
-
FireTail Unveils Free Access for All to Cutting-Edge API Security Platform
in SecurityNews
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/firetail-unveils-free-access-for-all-to-cutting-edge-api-security-platform/
-
Hacking APIs with HTTPie
in SecurityNews
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/hacking-apis-with-httpie/
-
Quarter of Firms Suffer an API-Related Breach
in SecurityNews
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/quarter-firms-suffer-api-related/
-
Hackers Attacking Vaults, Buckets, And Secrets To Steal Data
Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other usef… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-attacking-vaults-buckets-secrets/
-
How bots abuse APIs and tips to protect against it
in SecurityNews
Tags: api
First seen on scmagazine.com Jump to article: www.scmagazine.com/native/how-bots-abuse-apis-and-tips-to-protect-against-it
-
Simplifying Azure Key Vault Updates With AppViewX Automation
in SecurityNews
Azure Key Vault service offers a secure storage solution for cryptographic keys, API keys, passwords, and certificates in the cloud. However, managing… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/simplifying-azure-key-vault-updates-with-appviewx-automation/
-
Novel malware campaign sets sights on misconfigured Docker APIs
in SecurityNews
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/novel-malware-campaign-sets-sights-on-misconfigured-docker-apis
-
Lack of visibility into APIs leaves blind spots, says new study
in SecurityNews
Tags: api
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/lack-of-visibility-into-apis-leaves-blind-spots-says-new-study
-
PCI DSS 4.0.1: New Clarifications on Client-Side Security - What You Need to Know
in SecurityNews
As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/pci-dss-4-0-1-new-clarifications-on-client-side-security-what-you-need-to-know/