Tag: api
-
Google’s New Restore Credentials Tool Simplifies App Login After Android Migration
in SecurityNews
Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely after migrating to a new Android device. Part of Android’s Credential Manager API, the feature aims to reduce the hassle of re-entering the login credentials for every app during the handset replacement. “With Restore Credentials, apps can…
-
PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot
The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via Telegram. The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to…
-
Code with fraudulent API costs programmer 2500 US dollars
in SecurityNews
A cryptocurrency enthusiast wanted to program a “bump bot” with ChatGPT. The AI built a fraudulent API into the code. First seen on heise.de Jump to article: www.heise.de/news/ChatGPT-Code-mit-betruegerischer-API-kostet-Programmierer-2500-US-Dollar-10169146.html
-
Scam crypto API in source code suggestion costs victim 2,500 US dollars
Today, one more incredible story that was passed to me by a security expert. Someone tried to have ChatGPT generate code for an application that should also be able to transfer crypto funds. In the process, malicious code was built in that caused the victim … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/24/chatgpt-wenn-bei-der-code-entwicklung-schadcode-injiziert-wird/
-
Microsoft testing Windows 11 support for third-party passkeys
Microsoft is now testing WebAuthn API updates that add support for using third-party passkey providers for Windows 11 passwordless authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-testing-windows-11-support-for-third-party-passkeys/
-
Azure Key Vault Tradecraft with BARK
in SecurityNews
Tags: access, api, authentication, credentials, data, encryption, microsoft, password, powershell, RedTeam, service
Brief: This post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure Key Vault service. The latter part of the post shows an example of how a red team operator may use these commands during the course of an assessment. Authentication: Azure Key Vault is one of…
-
Why Shadow APIs provide a defenseless path for threat actors
in SecurityNews
Learn why shadow APIs sometimes provide a defenseless path for threat actors, and learn what YOU can do about it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/why-shadow-apis-provide-a-defenseless-path-for-threat-actors/
-
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/24/perfctl_malware_strikes_again/
-
YC-backed Formal brings a clever security reverse-proxy out of stealth
in SecurityNews
Formal is a security startup coming out of stealth on Tuesday with a nice list of investors and an interesting product positioning. The company has designed a reverse-proxy for data stores and APIs so that security teams can more easily secure access to sensitive data. In more practical terms, Formal is a proxy that you…
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
in SecurityNews
Introduction: Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
Fraud Awareness Week: How to Effectively Protect Your Data and Combat Fraudsters
in SecurityNews
Tags: access, ai, api, attack, authentication, awareness, business, cloud, communications, compliance, control, credentials, crime, data, defense, detection, encryption, exploit, finance, fraud, Hardware, iam, international, mfa, mobile, office, PCI, privacy, regulation, risk, service, software, strategy, technology, threat, vulnerability
madhav Tue, 11/19/2024 – 05:28
International Fraud Awareness Week (November 17-23) is a critical time to consider the significant risks that fraud poses to individuals and organizations. Thanks to AI, fraud attempts and successful attacks are alarmingly common and more advanced, with many…
-
The Elephant in AppSec Talks Highlight: Reinventing API Security
in SecurityNews
Highlights from Escape’s talks at The Elephant in AppSec Conference on the challenges of API security and how Escape is overcoming these First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/the-elephant-in-appsec-talks-highlight-reinventing-api-security/
-
Cloudflare 2024 API Security Management Report findings
in SecurityNews
Tags: api
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/cloudflare-2024-api-security-management-report-findings/
-
API Security Day powered by APIDays Escape
in SecurityNews
Join top industry experts at API Security Day, a focused event at APIDays Paris, to explore in-depth strategies and insights for protecting APIs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/api-security-day-powered-by-apidays-escape/
-
AI’s impact on the future of web application security
in SecurityNews
In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/15/tony-perez-noc-org-web-application-security/
-
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Plus a bonus hard-coded local API key First seen on theregister.com Jump to article: www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/
-
API Security in Peril as 83% of Firms Suffer Incidents
in SecurityNews
Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/api-security-83-firms-suffer/
-
Docusign API Abused in Widescale, Novel Invoice Attack
Attackers are exploiting the Envelopes: create API of the enormously popular document-signing service to flood corporate inboxes with convincing phish… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/docusign-api-abused-invoice-attack
-
Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk
in SecurityNews
There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast attack surface that’s challenging to defend with traditional methods…
-
2024 Startup Battlefield Top 20 Finalists: ForceField
MARQ protects company, community & country data with tamper-proof badges. Patent-pending APIs defend against deepfake scams, fraud & breaches…. First seen on techcrunch.com Jump to article: techcrunch.com/video/2024-startup-battlefield-top-20-finalists-forcefield/
-
How to securely build product features using AI APIs
in SecurityNews
First seen on tldrsec.com Jump to article: tldrsec.com/p/securely-build-product-ai-machine-learning
-
Context is King: Using API Sessions for Security Context
in SecurityNews
There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities has pushed API security to the top of CISO’s lists. The tools in the market for API security still have room for improvement, of course. One of the challenges security practitioners…
-
Is the latest book on “Pentesting APIs” any good?
in SecurityNews
Let’s explore the latest book by Packt Publishing on “Pentesting APIs” and see if it’s worth putting on an API hacker’s bookshelf. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/is-the-latest-book-on-pentesting-apis-any-good/
-
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
in SecurityNews
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk po… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/5-saas-misconfigurations-leading-to.html
-
Snyk Acquires Probely to Strengthen API Security for AI Apps
in SecurityNews
Snyk Boosts API Security with Enhanced Dynamic App Security Testing Capabilities. By buying DAST provider Probely, Snyk bolsters its platform with advanced API security testing for early SDLC stages. This acquisition aims to help developers identify and reduce vulnerabilities in AI-driven and API-heavy applications. Full integration into Snyk’s platform is slated for early 2025. First…
-
Fraudsters Abuse DocuSign API for Legit-Looking Invoices
in SecurityNews
I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down to a design weakness in the product. According to the security team at Wallarm, “An attacker…
-
The Hidden Costs of API Breaches: Quantifying the Long-Term Business Impact
in SecurityNews
API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can run into the hundreds of millions. However, other hidden costs often compound the issue, especially if you’re not expecting them. This article will explore the obvious and hidden costs of API breaches, their long-term business…
-
Azure API Management Vulnerabilities Let Attackers Escalate Privileges
in SecurityNews
Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal pr… First seen on gbhackers.com Jump to article: gbhackers.com/azure-api-management-vulnerabilities-let-attackers-escalate-privileges/
-
4 Main API Security Risks Organizations Need to Address
in SecurityNews
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/main-api-security-risks-manage