Tag: api

F5 State of Application Strategy Report: API Security 2024 – Ungesicherte APIs sind Sicherheits- und Betriebsrisiko

Nov 8, 2024 8:02 AM

by

Andy Stern

in SecurityNews

Tags: api, strategy

First seen on security-insider.de Jump to article: www.security-insider.de/api-sicherheit-luecken-https-schutz-report-2024-a-f03eda89344557f660760320928c27e3/
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices

Nov 7, 2024 5:01 PM

by

Andy Stern

in SecurityNews

Tags: api, cybercrime, exploit

First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-exploit-docusign/
Schnittstellen absichern – Hackern mit API-Tools den Kampf ansagen

Nov 7, 2024 4:02 PM

by

Andy Stern

in SecurityNews

Tags: api, tool

First seen on security-insider.de Jump to article: www.security-insider.de/effektive-api-sicherheitstools-zur-identifizierung-von-risiken-a-adf5a114c947682a4d60a3b1c6b1679b/
Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices

Nov 7, 2024 4:00 PM

by

Andy Stern

in SecurityNews

Tags: api, phishing, scam, spam

First seen on hackread.com Jump to article: hackread.com/scammers-docusign-api-spam-filters-phishing-invoices/
DocuSign Abused to Deliver Fake Invoices

Nov 7, 2024 10:00 AM

by

Andy Stern

in SecurityNews

Tags: api, cybercrime, email, phishing, spam

Cybercriminals are abusing DocuSign APIs to send bogus email messages that bypass protections such as spam and phishing filters. The post DocuSign Abu… First seen on securityweek.com Jump to article: www.securityweek.com/docusign-apis-abused-to-deliver-fake-invoices/
Cybercriminals Exploit DocuSign API to Send Convincing Phishing Invoices at Scale

Nov 7, 2024 5:04 AM

by

Andy Stern

in SecurityNews

Tags: api, cybercrime, exploit, phishing

In a sophisticated twist on phishing, cybercriminals are now leveraging DocuSign’s API to send fraudulent invoices that appear alarmingly authentic, according to a new report from Wallarm security researchers. Unlike... First seen on securityonline.info Jump to article: securityonline.info/cybercriminals-exploit-docusign-api-to-send-convincing-phishing-invoices-at-scale/
DocuSign’s API used to lure victims into e-signing fake invoices

Nov 6, 2024 10:04 PM

by

Andy Stern

in SecurityNews

Tags: api

First seen on scworld.com Jump to article: www.scworld.com/news/docusigns-api-used-to-lure-victims-into-e-signing-fake-invoices
DocuSign’s Envelopes API abused to send realistic fake invoices

Nov 6, 2024 9:01 PM

by

Andy Stern

in SecurityNews

Tags: api, threat

Threat actors are abusing DocuSign’s Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands li… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/
The financial impact of API and bot attacks on large enterprises

Nov 6, 2024 9:01 PM

by

Andy Stern

in SecurityNews

Tags: api, attack, finance

First seen on scworld.com Jump to article: www.scworld.com/native/the-financial-impact-of-api-and-bot-attacks-on-large-enterprises
‘CrossBarking’ Attack Targeted Secret APIs, Exposing Opera Browser Users

Nov 5, 2024 10:56 PM

by

Andy Stern

in SecurityNews

Tags: api, attack, browser, chrome, malicious

Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim’s Opera browser t… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/crossbarking-attack-secret-apis-expose-opera-browser-users
Hackers Exploit DocuSign APIs for Phishing Campaign

Nov 5, 2024 4:56 PM

by

Andy Stern

in SecurityNews

Tags: api, cybercrime, exploit, hacker, phishing

Cybercriminals are exploiting DocuSign’s APIs to send highly authentic-looking fake invoices, while DocuSign’s forums have reported a rise in such fra… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/hackers-exploit-docusign-apis-for-phishing-campaign/
ChatGPT-4o can be used for autonomous voice-based scams

Nov 5, 2024 3:56 PM

by

Andy Stern

in SecurityNews

Tags: api, chatgpt, finance, LLM, openai, scam

Researchers have shown that it’s possible to abuse OpenAI’s real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams wi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams/
Top Traceable API Security Alternative: Escape vs. Traceable

Nov 4, 2024 8:56 PM

by

Andy Stern

in SecurityNews

Tags: api

First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/top-traceable-api-security-alternative-escape-vs-traceable/
Wichtiger API-Key erbeutet: Neuer Cyberangriff trifft Internet Archive

Nov 4, 2024 6:58 AM

by

Andy Stern

in SecurityNews

Tags: api, cyberattack, Internet, mail

Dieses Mal wurden über ein System der Organisation massenhaft E-Mails verschickt. Der Angreifer scheint derselbe zu sein, der zuletzt Nutzerdaten erbe… First seen on golem.de Jump to article: www.golem.de/news/wayback-machine-internet-archive-schon-wieder-attackiert-2410-190020.html
Private API compromise possible with now-patched Opera bug

Nov 2, 2024 8:57 PM

by

Andy Stern

in SecurityNews

Tags: api

First seen on scworld.com Jump to article: www.scworld.com/brief/private-api-compromise-possible-with-now-patched-opera-bug
Leading the Way in API Security: Which U.S. States Are Setting the Standard?

Nov 1, 2024 5:56 PM

by

Andy Stern

in SecurityNews

Tags: api, election

With just days to go before the U.S. election, securing our digital landscape is more critical than ever. Our latest infographic, Vote for API Securit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/leading-the-way-in-api-security-which-u-s-states-are-setting-the-standard/
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Nov 1, 2024 2:56 PM

by

Andy Stern

in SecurityNews

Tags: api, attack, crypto, cybercrime, docker, exploit

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findi… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html
‘CrossBarking’ Attack Targets Secret APIs, Exposes Opera Browser Users

Nov 1, 2024 2:56 PM

by

Andy Stern

in SecurityNews

Tags: api, attack, browser, chrome, malicious

Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim’s Opera browser t… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/crossbarking-attack-secret-apis-expose-opera-browser-users
API Security Matters: The Risks of Turning a Blind Eye

Nov 1, 2024 12:55 PM

by

Andy Stern

in SecurityNews

Tags: api, risk

Willfully ignoring important security issues to make our lives easier is, unfortunately, something that does happen in the security field. The post A… First seen on securityweek.com Jump to article: www.securityweek.com/api-security-matters-the-risks-of-turning-a-blind-eye/
Product showcase: Shift API security left with StackHawk

Nov 1, 2024 5:56 AM

by

Andy Stern

in SecurityNews

Tags: ai, api

With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/30/product-showcase-stackhawk/
DEF CON 32 AppSec Village Gridlock The Dual Edged Sword of EV and Solar APIs in Grid Security

Oct 31, 2024 9:56 PM

by

Andy Stern

in SecurityNews

Tags: api, application-security

Authors/Presenters:Vangelis Stykas Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite cont… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-gridlock-the-dual-edged-sword-of-ev-and-solar-apis-in-grid-security/
Securing APIs in Retail: Safeguarding Customer Data

Oct 31, 2024 3:56 PM

by

Andy Stern

in SecurityNews

Tags: api, data

The retail industry’s digital transformation has made secure APIs essential to modern operations since they are at the core of this shift. APIs power … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/securing-apis-in-retail-safeguarding-customer-data/
Survey Surfaces Fundamental Weaknesses in API Security

Oct 31, 2024 12:56 PM

by

Andy Stern

in SecurityNews

Tags: ai, api, cybersecurity

Traceable AI today published a global survey of 1,548 IT and cybersecurity professionals that finds well over half (57%) work for organizations that h… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/survey-surfaces-fundamental-weaknesses-in-api-security/
Salt Security and Dazz: A Powerful Partnership for API Security

Oct 31, 2024 6:56 AM

by

Andy Stern

in SecurityNews

Tags: api, data, strategy

As organizations adopt more modern application strategies, APIs are increasingly important for enabling seamless communication and data exchange. Howe… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/salt-security-and-dazz-a-powerful-partnership-for-api-security/
APIContext Joins Akamai’s Qualified Compute Partner Program to Boost Cloud Capabilities

Oct 30, 2024 1:56 PM

by

Andy Stern

in SecurityNews

Tags: api, cloud

APIContext, a company specializing in API-driven solutions, has joined Akamai Technologies’ Qualified Compute Partner Program as an Independent Softwa… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/10/18/apicontext-joins-akamais-qualified-compute-partner-program-to-boost-cloud-capabilities
Lessons from the Cisco Data Breach, The Importance of Comprehensive API Security

Oct 30, 2024 6:58 AM

by

Andy Stern

in SecurityNews

Tags: api, breach, cisco, cybersecurity, data, data-breach

In the wake of Cisco’s recent data breach involving exposed API tokens – amongst other sensitive information – the cybersecurity community is reminde… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/lessons-from-the-cisco-data-breach-the-importance-of-comprehensive-api-security/
Deepfake Phone Scams for Less Than a Dollar a Pop

Oct 29, 2024 7:55 PM

by

Andy Stern

in SecurityNews

Tags: ai, api, deep-fake, hacker, openai, phone, scam

Academics Build AI Agent With OpenAI to Execute Phone Scams at Scale. Hackers can use OpenAI’s real-time voice API to carry out for less than a dollar… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/deepfake-phone-scams-for-less-than-dollar-pop-a-26652
Guest Essay: API security-related exposures rose steeply across all industries in Q3 2024

Oct 29, 2024 5:56 PM

by

Andy Stern

in SecurityNews

Tags: api, programming

Application Programming Interfaces (APIs) have become the backbone of modern enterprises, facilitating seamless communication between both internal sy… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/guest-essay-api-security-related-exposures-rose-steeply-across-all-industries-in-q3-2024/
Trend: Der API-Markt wächst, aber Nutzer vernachlässigen die Sicherheit

Oct 29, 2024 10:56 AM

by

Andy Stern

in SecurityNews

Tags: api

First seen on heise.de Jump to article: www.heise.de/news/State-of-API-Report-Die-API-wird-zum-Produkt-Sicherheit-ist-nachrangig-9994054.html
DEF CON 32 AppSec Village 0 0 0 0 Day Exploiting Localhost APIs From The Browser

Oct 28, 2024 11:56 PM

by

Andy Stern

in SecurityNews

Tags: api, application-security, exploit, zero-day

Authors/Presenters: Avi Lumel, skyGal Elbaz Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 eru… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-0-0-0-0-day-exploiting-localhost-apis-from-the-browser/