#api-security

#cybersecurity

15 million Trello users have been exposed in a data breach - here's what you need to know

Around 15 million Trello user email addresses leaked on the dark web.

Security leaders discuss the Cisco security incident

Cisco's data breach underlines the critical need for strong API security, even in public-facing environments.

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

Organizations are losing between $94 billion and $186 billion annually due to insecure APIs and bot abuse, with risks increasing exponentially.

Security experts discuss the American Water cyberattack

Cyberattack on American Water Works forced customer billing pause, highlighting vulnerabilities in critical infrastructure.

Malicious actors are leveraging peak travel and vacation times

Cybercriminals are exploiting increased traffic during Labor Day and holiday seasons, targeting vulnerable travel sites.
Organizations must prioritize API security to protect consumers and maintain trust.

The integration security paradox: Strategies to protect data

Organizations must prioritize securing integrations as their vulnerability increases with every new vendor and technology link added.


Publishing to PyPI with a Trusted Publisher from GitLab CI/CD

Using Trusted Publishers significantly enhances security by managing API token risks effectively.

5 Key Policies to Strengthen Runtime API Governance - DevOps.com

Effective API runtime governance is essential for ensuring performance, security, and alignment with evolving demands.
#data-protection

How organizations can defend against the increasing API attack surface

APIs present increasing security challenges, necessitating heightened protection measures as their use expands in various business environments.

The Internet Archive hackers still have access to its internal emailing tools

IA has neglected to rotate exposed API keys, risking unauthorized access to sensitive user data.

#compliance

API and data security remain top threats

Financial institutions face challenges in compliance and understanding API activity, making them vulnerable to threats and breaches.

Elevating DevOps Security: Why Integrating Threat Modeling Transforms Pentesting - DevOps.com

Compliance-driven pentesting often fails to address evolving vulnerabilities in modern software and API environments.


Building Asset and Risk Management on Codebase with Semgrep | HackerNoon

Microservices' structure increases risk due to multiple API handlers and external client interactions, necessitating robust vulnerability assessments.

Code Smell 270 - Boolean APIs | HackerNoon

Replace boolean security flags in APIs with separate endpoints for improved security and maintenance.

Mastering CORS in .NET: 10 Expert Tips for Secure API Configuration | HackerNoon

CORS is essential for API security, limiting access to defined domains and methods.

How to Secure APIs in Microservices with Spring Boot

API security in microservices focuses on protecting data and communications through various practices such as authentication and encryption.
#data-breaches

FCC, Tracfone Wireless reach $16M cyber and privacy settlement

The FCC reached a $16 million settlement with Tracfone Wireless over data breaches and directed a focus on securing application programming interfaces (APIs) to protect customer information.

Tracfone to Pay $16M to FCC for Privacy Settlement

The settlement with TracFone aims to enhance API security, crucial due to APIs being common attack vectors for threat actors.

The top API risks of 2024 and how to mitigate them

APIs are vital in digital interactions but pose severe security risks if not properly managed.


6 Types of Applications Security Testing You Must Know About

A proactive and holistic application security strategy is crucial to secure applications across different phases of development and deployment.

Protecting APIs in Financial Services with Zero Trust Overlay Mesh Networks

Zero trust is crucial in financial services for API connections and service identity verification.

Every dunder method in a Python Lockbox

The importance of controlling what search engines and AI scrapers are allowed to visit through a specific file or protocol.
The development of tools like Niquests as a drop-in replacement for Requests, aiming for better features and enhancements.

API security risks report exposes Netflix and WordPress | App Developer Magazine

Wallarm released its Q3-2023 API ThreatStats report, detailing the surge in threats centered around APIs and uncovering critical vulnerabilities.
Injections, cross-site attacks, broken access control, and poor session and password management were among the top API security threats identified.
Authentication, authorization, and access control (AAA) vulnerabilities accounted for 33% of the total vulnerabilities, with OAuth, SSO, and JSON Web Token (JWT) compromised in reputable organizations such as Sentry and WordPress.

ROPC and Refresh Token with ASP.NET Core Identity

Introduction of a single API endpoint for both ROPC and refreshing token in ASP.NET Core Identity.
Usage of strongly typed token API conforming to OAuth 2.0 standards.

Twilio warns Authy users of imminent social engineering attacks after hackers got hold of phone numbers

Twilio Authy faced a security breach where threat actors acquired phone numbers, emphasizing the importance of securing API endpoints.

FireTail Unveils Free Access for All to Cutting-Edge API Security Platform - DevOps.com

FireTail offers a free version of its enterprise-level API security tools, accessible to developers and organizations of any size.

Patch now: 'Easy-to-exploit' RCE in open source Ollama

A vulnerability in Ollama allowed remote code execution, affecting over 1,000 instances. Wiz Research disclosed CVE-2024-37032, fixed in version 0.1.34.
Ollama's vulnerability stemmed from insufficient validation on the server side of its REST API, enabling attackers to trigger API endpoints for remote code execution.
#cloud-security

How can organizations improve their cloud security with Anjuna? - Amazic

Confidential computing is a game-changer in ensuring total data security for sensitive workloads in the cloud.

Managing Cloud Security Posture: Continuous Monitoring and Hardening for Visibility and Compliance | TechRepublic

Cloud adoption is increasing, but so are cloud security risks, requiring strong Cloud Security Posture Management (CSPM) practices.
