Tag: api

Hackers Seize Control of 3,000 Companies Through Critical Vulnerabilities

Jan 29, 2025 6:36 AM

Tags: api, control, cyber, cybersecurity, data-breach, flaw, hacker, risk, vulnerability

In a groundbreaking cybersecurity investigation, researchers identified several critical vulnerabilities in a target system, eventually gaining control over 3,000 subsidiary companies managed by a parent organization. The exploration leveraged flaws in API configurations, bypassed key security protocols, and exposed sensitive employee and customer data. This research spanned three weeks and demonstrated the persistent risks of…
API Supply Chain Attacks, The Sky’s the Limit

Jan 28, 2025 6:36 PM

Tags: access, api, attack, authentication, awareness, business, control, credentials, credit-card, data, defense, email, endpoint, exploit, flaw, GDPR, governance, jobs, login, malicious, mobile, penetration-testing, phone, programming, risk, service, supply-chain, technology, unauthorized, vulnerability

Account takeover of a third-party service provider may put millions of airline users worldwide at risk. Summary Salt Labs has identified an account takeover vulnerability in a popular online top-tier travel service for hotel and car rentals. The service is integrated into dozens of commercial airline online services and allows airline users to add hotel…
API Supply Chain Attacks Put Millions of Airline Users at Risk

Jan 28, 2025 3:37 PM

Tags: api, attack, risk, service, supply-chain

An API supply-chain attack affecting a popular online travel booking service put millions of airline users at risk First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/api-supply-chain-attacks-millions/
Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows

Jan 27, 2025 6:03 PM

Tags: access, apache, api, cyber, exploit, risk, vulnerability, windows

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access. Tracked as SOLR-17543, this vulnerability could permit attackers to exploit the >>configset upload
Do We Really Need The OWASP NHI Top 10?

Jan 27, 2025 2:03 PM

Tags: api, application-security, framework, identity

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists. Non-human identity security represents…
CISOs’ top 12 cybersecurity priorities for 2025

Jan 27, 2025 11:03 AM

Tags: access, ai, api, attack, authentication, automation, awareness, business, cio, ciso, cloud, compliance, control, corporate, cybersecurity, data, detection, framework, governance, identity, incident response, infrastructure, intelligence, jobs, mitigation, monitoring, mssp, oracle, penetration-testing, privacy, risk, risk-management, service, strategy, technology, threat, training, usa, zero-trust

Security chief Andrew Obadiaru’s to-do list for the upcoming year will be familiar to CISOs everywhere: advance a zero-trust architecture in the organization; strengthen identity and access controls as part of that drive; increase monitoring of third-party risks; and expand the use of artificial intelligence in security operations.”Nothing is particularly new, maybe AI is newer,…
Securing APIs at Scale: How to Achieve Comprehensive API Visibility and Threat Detection

Jan 23, 2025 10:22 PM

Tags: api, data, detection, exploit, malicious, threat, vulnerability

e=4>APIs are the backbone of modern applications, enabling connectivity and functionality across diverse systems. However, the growing complexity of API ecosystems introduces vulnerabilities that attackers exploit to disrupt operations, steal data, or launch other malicious activities. Without real-time visibility and robust threat detection, businesses face significant risks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securing-apis-at-scale-how-to-achieve-comprehensive-api-visibility-threat-a-27364
Treasury Department Breach: A Crucial Reminder for API Security in the Public Sector

Jan 23, 2025 6:22 PM

Tags: access, ai, api, application-security, attack, authentication, breach, china, cve, cyber, data, detection, exploit, finance, flaw, framework, governance, government, hacker, healthcare, infrastructure, injection, malicious, monitoring, network, programming, risk, siem, software, sql, strategy, supply-chain, threat, tool, unauthorized, vpn, vulnerability, zero-day, zero-trust

The recent cyber breach at the U.S. Treasury Department, linked to state-sponsored Chinese hackers, has set off alarm bells in the public sector. As the investigation continues, this incident reveals a pressing issue that all government agencies must confront: securing their APIs (Application Programming Interfaces). APIs are essential connections within our digital infrastructure, facilitating communication…
Cisco Warns of Critical Privilege Escalation Vulnerability in Meeting Management Platform

Jan 23, 2025 1:22 PM

Tags: advisory, api, cisco, exploit, vulnerability

Cisco has issued a security advisory regarding a critical privilege escalation vulnerability found in Cisco Meeting Management. The vulnerability is tied to the REST API component of the platform, and if exploited, it could allow an attacker to escalate their privileges from a low-level authenticated user to an administrator. First seen on thecyberexpress.com Jump to…
New Supply Chain Attack Targeting Chrome Extensions to Inject Malicious Code

Jan 23, 2025 11:22 AM

Tags: api, attack, authentication, browser, chrome, cyber, data, injection, malicious, phishing, supply-chain

A sophisticated supply chain attack targeting Chrome browser extensions has come to light, potentially compromising hundreds of thousands of users. The attack, which unfolded in December 2024, involved phishing campaigns aimed at extension developers and the injection of malicious code into legitimate Chrome extensions. Sensitive user data, including API keys, session cookies, and authentication tokens…
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Jan 23, 2025 8:22 AM

Tags: api, cisco, cve, cvss, flaw, software, update, vulnerability

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances.The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco…
Cisco Warns of Meeting Management API Privilege Escalation Vulnerability

Jan 23, 2025 7:22 AM

Tags: access, advisory, api, cisco, control, cyber, flaw, threat, vulnerability

Cisco has issued a critical advisory regarding a privilege escalation vulnerability in its Meeting Management REST API. The flaw tracked as CVE-2025-20156, allows a remote, authenticated attacker with low privileges to elevate their access to administrator-level control on affected devices, posing a significant threat to affected systems. Vulnerability Details The vulnerability stems from improper authorization enforcement…
Empowering Teams with Secure API Management

Jan 23, 2025 6:22 AM

Tags: api, cybersecurity, programming, strategy

Why is Secure API Management Essential for Team Empowerment? Is API management a critical aspect of your organization’s cybersecurity strategy? It should be. APIs, or Application Programming Interfaces, are the engines that power today’s digital ecosystem. They enable systems to communicate, allowing for streamlined operations and improved productivity. However, incorrectly managed APIs expose businesses to……
Google Cloud Security Threat Horizons Report #11 Is Out!

Jan 22, 2025 11:22 PM

Tags: access, api, apt, attack, authentication, breach, business, cloud, corporate, credentials, cybersecurity, data, detection, exploit, extortion, google, identity, intelligence, leak, mfa, password, phishing, ransomware, service, tactics, theft, threat, tool, vulnerability

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10). My favorite quotes from the report follow below:…
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites

Jan 22, 2025 9:24 PM

Tags: api, chatgpt, ddos, programming, vulnerability

The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API. First seen on cyberscoop.com Jump to article: cyberscoop.com/ddos-openai-chatgpt-api-vulnerability-microsoft/
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
The Quiet Rise of the ‘API Tsunami’

Jan 22, 2025 8:22 PM

Tags: access, api, attack, authentication, breach, business, cloud, compliance, control, data, data-breach, encryption, endpoint, finance, GDPR, healthcare, HIPAA, infrastructure, law, leak, mail, malicious, mfa, mobile, monitoring, network, privacy, programming, regulation, risk, security-incident, service, threat, tool, unauthorized, update, vulnerability

As enterprises increasingly adopt cloud-native architectures, microservices, and third-party integrations, the number of Application Programming Interfaces (APIs) has surged, creating an “API tsunami” in an organization’s infrastructure that threatens to overwhelm traditional management practices. As digital services proliferate, so does the development of APIs, which allow various applications to communicate or integrate with each other…
Cyber Insights 2025: APIs The Threat Continues

Jan 22, 2025 3:22 PM

Tags: api, cyber, threat

APIs are easy to develop, simple to implement, and frequently attacked. They are prime and lucrative targets for cybercriminals. The post Cyber Insights 2025: APIs The Threat Continues appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyber-insights-2025-apis-the-threat-continues/
ChatGPT-Lücke ermöglicht DDoS-Attacken

Jan 21, 2025 4:22 PM

Tags: api, chatgpt, ddos, firewall, microsoft, openai

srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?quality=50&strip=all 3696w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2560810077.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Über eine HTTP-Anfrage an die ChatGPT-API können Angreifer eine Zielwebseite mit Tausenden Netzwerkanfragen bombardieren. miss.cabul Shutterstock.comDer Sicherheitsforscher Benjamin Flesch hat kürzlich herausgefunden, dass eine Lücke im ChatGPT-Crawler für…
ChatGPT API flaws could allow DDoS, prompt injection attacks

Jan 21, 2025 3:22 PM

Tags: api, attack, chatgpt, cvss, data, ddos, exploit, flaw, github, injection, Internet, microsoft, network, openai, programming, service, software, threat, vulnerability

OpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher Benjamin Flesch, the ChatGPT crawler, which OpenAI uses to collect data from the internet to improve ChatGPT, can be tricked into DDoSing arbitrary websites. “ChatGPT crawler…
API Security’s Role in Responsible AI Deployment

Jan 21, 2025 12:22 PM

Tags: ai, api, intelligence, programming

By now, you will almost certainly be aware of the transformative impact artificial intelligence (AI) technologies are having on the world. What you may not be aware of, however, is the role Application Programming Interfaces (APIs) are playing in the AI revolution. The bottom line is that APIs are critical to AI systems but […]…
Fleet: Open-source platform for IT and security teams

Jan 21, 2025 6:22 AM

Tags: api, open-source

Fleet is an open-source platform for IT and security teams managing thousands of computers. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/21/fleet-open-source-platform-it-security-teams/
ChatGPT Crawler Vulnerability Abused to Trigger Reflexive DDoS Attacks

Jan 20, 2025 2:22 PM

Tags: ai, api, attack, chatgpt, cloud, cvss, cyber, ddos, exploit, microsoft, openai, service, vulnerability

Security researchers have uncovered a severe vulnerability in OpenAI’s ChatGPT API, allowing attackers to exploit its architecture for launching Reflective Distributed Denial of Service (DDoS) attacks. This loophole, characterized by a high severity CVSS score of 8.6, raises significant concerns regarding the scalability and security of AI services deployed on cloud platforms, specifically Microsoft’s Azure.…
HPE’s sensitive data exposed in alleged IntelBroker hack

Jan 20, 2025 1:22 PM

Tags: access, api, apple, breach, cisco, data, data-breach, docker, email, github, hacker, leak, marketplace, mobile, open-source, sap, service, software, threat

IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE).The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally…
Forscher deckt auf: ChatGPT lässt sich für DDoS-Angriffe missbrauchen

Jan 20, 2025 12:22 PM

Tags: api, chatgpt, cyberattack, ddos

Eine ChatGPT-API scheint bereitwillig eine lange Liste von Links zur gleichen Webseite anzunehmen – und diese anschließend ungebremst abzufragen. First seen on golem.de Jump to article: www.golem.de/news/forscher-deckt-auf-chatgpt-laesst-sich-fuer-ddos-angriffe-missbrauchen-2501-192565.html
Considerations for Selecting the Best API Authentication Option

Jan 20, 2025 11:22 AM

Tags: api, authentication, compliance, data, fraud, privacy

Implementing API authentication is one of the most critical stages of API design and development. Properly implemented authentication protects data, user privacy, and other resources while streamlining compliance, preventing fraud, and establishing accountability. In fact, broken authentication is one of the leading causes of API-related breaches. Ultimately, by applying robust authentication mechanisms, organizations can dramatically…
A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

Jan 18, 2025 7:24 AM

Tags: ai, api, attack, automation, business, cloud, computing, data, defense, detection, guide, intelligence, jobs, LLM, mssp, siem, soc, technology, threat, tool

image by Meta.AI lampooning humanless SOC My former “colleagues” have written several serious pieces of research about why a SOC without humans will never happen (“Predict 2025: There Will Never Be an Autonomous SOC”, “The “Autonomous SOC” Is A Pipe Dream”, “Stop Trying To Take Humans Out Of Security Operations”). But I wanted to write…
BeyondTrust Breach Exposes API Key Abuse Risks

Jan 17, 2025 11:57 AM

Tags: api, attack, breach, data-breach, risk

3 min readWhen a single API key compromise spiraled into a broader attack, it exposed how overlooked non-human identities can become gateways for escalating threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/beyondtrust-breach-exposes-api-key-abuse-risks/
Open Banking Shortcomings Threaten UK Global Leadership Position Research Finds

Jan 15, 2025 12:02 PM

Tags: api, banking, credit-card, data-breach, finance, law

APIContext has released its UK Open Banking API Performance 2023-2024 Report, the annual analysis of the performance of the open banking APIs exposed by the large CMA9 UK banks (the nine largest banks required by UK law to provide open banking services), traditional High Street banks, credit card providers, building societies, and new digital banks (neobanks).…
Exabeam enhances security platform with Open-API, automation

Jan 14, 2025 9:04 PM

Tags: api, automation

First seen on scworld.com Jump to article: www.scworld.com/brief/exabeam-enhances-security-platform-with-open-api-automation