The intricate labyrinth of open source dependencies across the global software supply chain has created an application security puzzle of mammoth proportions. Whether open source or closed, most of the world’s software today is built on third-party components and libraries. Consequently, one piece of vulnerable code in even the smallest of open source projects can…

Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…

The company says its API security platform provides complete visibility and control. Its capabilities include automated inventory and change management, and the platform enables organizations to identify rogue and shadow APIs, and analyze business risk and impact. Wib was founded in August 2021 by serial entrepreneur Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz…

At Black Hat USA 2022, Traceable AI announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations today. These additional capabilities enable organizations to detect, stop and eliminate these types of…

According to the “2022 Verizon Data Breach Investigations Report,” stolen credentials were the top path leading to data breaches. More often than phishing or exploiting vulnerabilities, attackers gain direct access to credentials, letting them virtually walk into victim organizations using the front door. Low-code/no-code platforms make it extremely easy for users to share their credentials…

Tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), the vulnerability has been exploited since August 2021 to execute code remotely and take over vulnerable systems. Affecting the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and single sign-on solution, the issue is an authentication bypass bug…

Founded in 2020, the Silicon Valley-based enterprise API security startup aims to help organizations secure both managed and unmanaged APIs. The startup says it has seen fast growth since emerging from stealth in December 2020. Over the past six months, the company has attracted 40 channel, reseller, and technology partners, while also adding hundreds of…

Cequence Security announced the general availability of Cequence API Sentinel, a runtime API security solution that delivers continuous run-time API visibility, shadow API discovery, risk analysis, and conformance assessment. With the addition of API Sentinel, Cequence delivers the industry’s only multi-threat API security solution that unifies visibility, vulnerability protection, bot mitigation, and business logic abuse…

APIs: The Trojan horses of security

At the moment, the emphasis within the cybersecurity industry tends to be on securing networks with perimeter-based protection. However, leaving an application endpoint unsecured means an application programming interface (API) can serve as a gateway to the data centre through which attackers can effectively attack the backend via bots and compromised or impersonating applications. With…