API Archives - Cyber Security Minute

Safe Security Raises $50M to Bring ML to Risk Quantification

Issued by: DataBreach Today

A cyber risk quantification startup backed by ex-Cisco CEO John Chambers has raised $50 million to apply machine-learning technology and build more API adapters. The Silicon Valley-based company said the Series B funding will allow Safe Security to capitalize on generative artificial intelligence to help nontechnical leaders better understand their organizations security postures, said co-founder…

Application Security

Hacker Cracks Toyota Customer Search Tool

Issued by: Dark Reading

A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…

Malware & Threats

Scores of Redis Servers Infested by Sophisticated Custom-Built Malware

Issued by: Dark Reading

An unknown threat actor has been quietly mining Monero cryptocurrency on open source Redis servers around the world for years, using a custom-made malware variant that is virtually undetectable by agentless and conventional antivirus tools. Since September 2021, the threat actor has compromised at least 1,200 Redis servers — that thousands of mostly smaller organizations…

Application Security

Nvidia targets insider attacks with digital fingerprinting technology

Issued by: CSO Online

Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. The idea, according to the company, is to leverage the large amounts of data that many organizations compile anyway about login and…

Malware & Threats

T-Mobile Breached Again, This Time Exposing 37M Customers’ Data

Issued by: Dark Reading

T-Mobile has disclosed a new, enormous breach that occurred in November, which was the result of the compromise of a single application programming interface (API). The result? The exposure of the personal data of more than 37 million prepaid and postpaid customer accounts. For those keeping track, this latest disclosure marks the second sprawling T-Mobile…

Software Security

Software Supply Chain Security Needs a Bigger Picture

Issued by: Dark Reading

The intricate labyrinth of open source dependencies across the global software supply chain has created an application security puzzle of mammoth proportions. Whether open source or closed, most of the world’s software today is built on third-party components and libraries. Consequently, one piece of vulnerable code in even the smallest of open source projects can…

Application Security

What Are Some Ways to Make APIs More Secure?

Issued by: Dark Reading

Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…

Application Security

Wib Launches API Security Platform After Raising $16 Million

Issued by: Security Week

The company says its API security platform provides complete visibility and control. Its capabilities include automated inventory and change management, and the platform enables organizations to identify rogue and shadow APIs, and analyze business risk and impact. Wib was founded in August 2021 by serial entrepreneur Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz….

Software Security

Traceable AI announces enhanced data security capabilities to address more specific types of API attacks

Issued by: Help Net Security

At Black Hat USA 2022, Traceable AI announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations today. These additional capabilities enable organizations to detect, stop and eliminate these types of…

Application Security

Credential Sharing as a Service: The Hidden Risk of Low-Code/No-Code

Issued by: Dark Reading

According to the “2022 Verizon Data Breach Investigations Report,” stolen credentials were the top path leading to data breaches. More often than phishing or exploiting vulnerabilities, attackers gain direct access to credentials, letting them virtually walk into victim organizations using the front door. Low-code/no-code platforms make it extremely easy for users to share their credentials…