Tag: api
-
API Posture Management Common Topics We’re Asked About
by
in SecurityNews
Tags: apiThis article is the second in a series of six covering key API security topics and provides some answers to common questions we often get when talking… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/api-posture-management-common-topics-were-asked-about/
-
Sicherheit im digitalen Dschungel Priorisierung von Risiken für Unternehmen
by
in SecurityNewsDie Sicherung unserer Datenlandschaft gleicht oft einer Expedition in einen dichten Dschungel. Jede Webseite, jeder API-Endpunkt und jeder Cloud-Servi… First seen on netzpalaver.de Jump to article: netzpalaver.de/2024/07/19/sicherheit-im-digitalen-dschungel-priorisierung-von-risiken-fuer-unternehmen/
-
Another API Security Breach: Life360
by
in SecurityNewsIt’s not always Logical Another day, another API breach in the news. The latest breach occurred on the Life360 platform where an advisory was… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/another-api-security-breach-life360/
-
USENIX Security ’23 Auditing Framework APIs via Inferred App-side Security Specifications
by
in SecurityNewsAuthors/Presenters:Parjanya Vyas, Asim Waheed, Yousra Aafer, N. Asokan Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Pres… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-auditing-framework-apis-via-inferred-app-side-security-specifications/
-
Infisical: Open-source secret management platform
by
in SecurityNewsInfisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and datab… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/24/infisical-open-source-secret-management-platform/
-
The Future of Appsec is APIs | Impart Security
by
in SecurityNewsAPI security, microservices, decentralized applications, WAF, authentication, authorization, AI, security testing, response and enforcement, WAFs, sec… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/the-future-of-appsec-is-apis-impart-security/
-
How Salt Catches Low and Slow Attacks While Others Can’t
by
in SecurityNewsIn the ever-evolving landscape of cybersecurity, API attacks pose significant threats to organizations. These attacks, particularly the low and slow v… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/how-salt-catches-low-and-slow-attacks-while-others-cant/
-
Introducing the API Threat Landscape, a new resource for API security researchers
by
in SecurityNewsSince 2022, Escape’s security research team has been tracking API-related data breaches. We’ve decided to make our database public, providing detailed… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/introducing-the-api-threat-landscape-a-new-resource-for-api-security-researchers/
-
Misconfigured API exposes over 440K Life360 users’ data
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/misconfigured-api-exposes-over-440k-life360-users-data
-
Daten- und Benutzertracking bei Telekom per API?
by
in SecurityNews
Tags: apiUnschöne Geschichte: Die Deutsche Telekom scheint die Übersicht über ihre APIs etwas verloren zu haben. Lilith Wittmann hat eine Webseite online geste… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/14/daten-und-benutzertracking-bei-telekom-per-api/
-
OpenAI Rolls Out Compliance API and Integrations for ChatGPT Enterprise
by
in SecurityNewsThe tools are being positioned as crucial to help business customers meet requirements for regulations like FINRA, HIPAA, and GDPR. The post OpenAI Ro… First seen on securityweek.com Jump to article: www.securityweek.com/openai-rolls-out-compliance-api-and-integrations-for-chatgpt-enterprise/
-
Over 400,000 Life360 user phone numbers leaked via unsecured API
by
in SecurityNewsFirst seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-400-000-life360-user-phone-numbers-leaked-via-unsecured-android-api/
-
Overlooked essentials: API security best practices
by
in SecurityNewsIn this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 an… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/17/ankita-gupta-akto-api-security-best-practices/
-
Cyber Fail: Attack of the Zombie APIs!
by
in SecurityNewsAlso: Election Security Dysfunction; the Legacy of Government-Backed Spyware. Welcome to Cyber Fail, where our experts uncover fails so we can all str… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cyber-fail-attack-zombie-apis-a-25801
-
Hacker Leaks Data of More Than 15 Million Trello Users
A hacker who calls themselves emo says they accessed the information of 15 million Trello users in January through an unsecured REST API endpoint and … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/hacker-leaks-data-of-more-than-15-million-trello-users/
-
Fuzzing JSON to find API security flaws
by
in SecurityNewsFirst seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/fuzzing-json-to-find-api-security-flaws/
-
Cequence Integration with F5 High Speed Logging (HSL) Enhances API Security Visibility
by
in SecurityNews
Tags: apiCequence integrates with F5’s High Speed Logging (HSL) solution, providing another zero-latency passive deployment option. This integration enables Ce… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cequence-integration-with-f5-high-speed-logging-hsl-enhances-api-security-visibility/
-
API Transformation Cyber Risks and Survival Tactics
As you think about how to ensure your APIs are within your risk tolerance, ensure that you have a sound understanding of your inventory and the data a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/api-transformation-cyber-risks-and-survival-tactics/
-
Apple Geolocation API Exposes Wi-Fi Access Points Worldwide
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide
-
API Access Control: Optimizing your API Security
by
in SecurityNewsIn the digital transformation era, APIs have become the glue that holds modern tech stacks together. APIs are critical for enabling seamless communica… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/api-access-control-optimizing-your-api-security/
-
33 Millionen Rufnummern: Hacker erbeuten Daten von beliebter Authenticator-App
by
in SecurityNewsAbgeflossen sind die Daten über einen ungeschützten API-Endpunkt von Twilio. Die Rufnummern der betroffenen Authy-Nutzer sind bereits in einem Hackerf… First seen on golem.de Jump to article: www.golem.de/news/33-millionen-rufnummern-hacker-erbeuten-daten-von-beliebter-authenticator-app-2407-186725.html
-
Daten- und Benutzertracking bei Telekom per API
by
in SecurityNews
Tags: apiUnschöne Geschichte: Die Deutsche Telekom scheint die Übersicht über ihre APIs etwas verloren zu haben. Lilith Wittmann hat eine Webseite online geste… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/14/daten-und-benutzertracking-bei-telekom-per-api/
-
USENIX Security ’23 NAUTILUS: Automated RESTful API Vulnerability Detection
by
in SecurityNewsAuthors/Presenters:Gelei Deng, Zhiyi Zhang,Yuekang Li, Yi Liu, Tianwei Zhang, Yang Liu, Guo Yu, Dongjin Wang Many thanks to USENIX for publishing thei… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-nautilus-automated-restful-api-vulnerability-detection/
-
Lessons Learned From Exposing Unusual XSS Vulnerabilities
by
in SecurityNewsMisunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best prac… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/lessons-learned-from-exposing-unusual-xss-vulnerabilities/
-
Finding hidden API parameters
by
in SecurityNews
Tags: apiFirst seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/finding-hidden-api-parameters/
-
Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them
by
in SecurityNewsWith Living Off the Cloud (LOTC) attacks, hackers abuse APIs of trusted cloud services to remotely control botnets but also to make malicious traffic … First seen on securityweek.com Jump to article: www.securityweek.com/cloudy-with-a-chance-of-cyberattack-understanding-lotc-attacks-and-how-ztna-can-prevent-them/
-
Authy: Hacker greifen Millionen von Telefonnummern über eine ungesicherte API ab
by
in SecurityNewsNachdem Kriminelle eine CSV-Datei mit Telefonnummern von angeblich 33 Millionen Authy-Nutzern geleakt haben, drohen unter anderem SMS-Phishing-Attacke… First seen on heise.de Jump to article: www.heise.de/news/MFA-App-Authy-Unzaehlige-Telefonnummern-ueber-ungesicherte-API-abgegriffen-9789229.html
-
KI-Handheld: Bastler entdecken kritische API-Keys im Code des Rabbit R1
by
in SecurityNewsMit den API-Keys können Angreifer angeblich auf bisherige Antworten aller R1-Geräte zugreifen, neue Antworten manipulieren und sämtliche KI-Handhelds … First seen on golem.de Jump to article: www.golem.de/news/ki-handheld-bastler-entdecken-kritische-api-keys-im-code-des-rabbit-r1-2406-186492.html
-
Join Cequence Security at Black Hat 2024: Protect What Connects You
by
in SecurityNews
Tags: apiProtect What Connects with Cequence Application and API Security Solutions at Black Hat 2024 We are thrilled to announce that Cequence Security will b… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/join-cequence-security-at-black-hat-2024-protect-what-connects-you/
-
Sicherheitslücke: Ungeschützte API liefert sensible Daten deutscher Häftlinge
by
in SecurityNewsWelcher Häftling wann mit seinem Anwalt oder Therapeuten telefoniert hat, ist aufgrund der Sicherheitslücke für jedermann einsehbar gewesen. Betroffen… First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-ungeschuetzte-api-liefert-sensible-daten-deutscher-haeftlinge-2406-186483.html