What Are Some Ways to Make APIs More Secure?
Businesses of all sizes and across all industries routinely rely on internal APIs to unite their line-of-business apps, and on external APIs to share data or services with vendors, customers, or partners. Because a single API may have access to multiple applications or services, compromising the API is an easy way to compromise a broad…
Nearly Half of Enterprise Endpoints Present Significant Security Risks
.Adaptiva today released the inaugural “Managing Risks and Costs at the Edge” report. Sponsored by Adaptiva and conducted by Ponemon Institute, 629 IT and IT security practitioners in the United States were surveyed, representing an average organizational headcount of 13,213 and IT budget of $184,366,500. Respondents indicated that most enterprises struggle to maintain visibility and…
Serious Vulnerabilities Found in AWS’s Log4Shell Hot Patches
Apache Log4j vulnerabilities disclosed in December 2021, including the one tracked as Log4Shell, can allow attackers to remotely execute arbitrary code and take control of vulnerable systems. In response to these flaws, AWS released multiple hot patches – each suitable for a different environment, including servers, Kubernetes, Elastic Container Service (ECS) and Fargate – that…
Researchers discover how to pinpoint the location of a malicious drone operator
Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. Drones (small commercial unmanned aerial systems) pose significant security risks due to their agility, accessibility and…
Cequence API Sentinel: Discovering and analyzing all org’s APIs to detect and mitigate security risks
Cequence Security announced the general availability of Cequence API Sentinel, a runtime API security solution that delivers continuous run-time API visibility, shadow API discovery, risk analysis, and conformance assessment. With the addition of API Sentinel, Cequence delivers the industry’s only multi-threat API security solution that unifies visibility, vulnerability protection, bot mitigation, and business logic abuse…
A casual approach to workplace communications presents major security risks
Workers are comfortable sharing personal, sensitive and confidential information over chat platforms. They practice risky digital habits, and don’t care if their communications are leaked. Symphony Communication Services Workplace Confidential Survey, which polled over 1,500 workers in the U.S. and U.K., examined the growth of new collaboration tools and platforms entering the workplace. The findings…
Mitigating the Security Risks of Cloud-Native Applications
Containers represent the most significant computing advancements for enterprise IT since VMware introduced its first virtualization product, Workstation 1.0, in 1999. They enable organizations to build, ship, and run applications faster than ever, fueling the rise of the DevOps movement. It’s important for CISOs to realize that while containers can create more secure application development…
What is the New York Cybersecurity Regulation? What you need to do to comply
In March 2017, the New York State Department of Financial Services (DFS) implemented 23 NYCRR 500, generally referred to as the New York Cybersecurity Regulation. Its aim is to encourage financial services firms doing business in the state to minimize their security risks. Although many experts see the regulation as flawed, 23 NYCRR 500 is…
Hackers Can Abuse Text Editors for Privilege Escalation
Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…
How Smart Cities Can Minimize the Threat of Cyber Attacks
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities. In the not-so-distant future, smart cities will weave the Internet of Things (IoT) and interconnected devices into existing technology infrastructure to bring entire communities online. Singapore, for example, recently launched its Smart Nation program, deploying citywide…