Tag: api
-
Is the latest book on “Pentesting APIs” any good?
Let’s explore the latest book by Packt Publishing on “Pentesting APIs” and see if it’s worth putting on an API hacker’s bookshelf. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/is-the-latest-book-on-pentesting-apis-any-good/
-
5 SaaS Misconfigurations Leading to Major Fu*%@ Ups
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk po… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/5-saas-misconfigurations-leading-to.html
-
Snyk Acquires Probely to Strengthen API Security for AI Apps
Snyk Boosts API Security with Enhanced Dynamic App Security Testing Capabilities. By buying DAST provider Probely, Snyk bolsters its platform with advanced API security testing for early SDLC stages. This acquisition aims to help developers identify and reduce vulnerabilities in AI-driven and API-heavy applications. Full integration into Snyk’s platform is slated for early 2025. First…
-
Fraudsters Abuse DocuSign API for Legit-Looking Invoices
I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down to a design weakness in the product. According to the security team at Wallarm, “An attacker…
-
The Hidden Costs of API Breaches: Quantifying the Long-Term Business Impact
API attacks can be costly. Really costly. Obvious financial impacts like legal fines, stolen finances, and incident response budgets can run into the hundreds of millions. However, other hidden costs often compound the issue, especially if you’re not expecting them. This article will explore the obvious and hidden costs of API breaches, their long-term business…
-
Azure API Management Vulnerabilities Let Attackers Escalate Privileges
Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal pr… First seen on gbhackers.com Jump to article: gbhackers.com/azure-api-management-vulnerabilities-let-attackers-escalate-privileges/
-
4 Main API Security Risks Organizations Need to Address
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/main-api-security-risks-manage
-
F5 State of Application Strategy Report: API Security 2024 – Unsecured APIs are a security and operational risk
First seen on security-insider.de Jump to article: www.security-insider.de/api-sicherheit-luecken-https-schutz-report-2024-a-f03eda89344557f660760320928c27e3/
-
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cybercriminals-exploit-docusign/
-
Securing interfaces – Taking the fight to hackers with API tools
First seen on security-insider.de Jump to article: www.security-insider.de/effektive-api-sicherheitstools-zur-identifizierung-von-risiken-a-adf5a114c947682a4d60a3b1c6b1679b/
-
Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices
First seen on hackread.com Jump to article: hackread.com/scammers-docusign-api-spam-filters-phishing-invoices/
-
DocuSign Abused to Deliver Fake Invoices
Cybercriminals are abusing DocuSign APIs to send bogus email messages that bypass protections such as spam and phishing filters. The post DocuSign Abu… First seen on securityweek.com Jump to article: www.securityweek.com/docusign-apis-abused-to-deliver-fake-invoices/
-
Cybercriminals Exploit DocuSign API to Send Convincing Phishing Invoices at Scale
In a sophisticated twist on phishing, cybercriminals are now leveraging DocuSign’s API to send fraudulent invoices that appear alarmingly authentic, according to a new report from Wallarm security researchers. Unlike... First seen on securityonline.info Jump to article: securityonline.info/cybercriminals-exploit-docusign-api-to-send-convincing-phishing-invoices-at-scale/
-
DocuSign’s API used to lure victims into e-signing fake invoices
Tags: api. First seen on scworld.com Jump to article: www.scworld.com/news/docusigns-api-used-to-lure-victims-into-e-signing-fake-invoices
-
DocuSign’s Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign’s Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands li… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/
-
The financial impact of API and bot attacks on large enterprises
First seen on scworld.com Jump to article: www.scworld.com/native/the-financial-impact-of-api-and-bot-attacks-on-large-enterprises
-
‘CrossBarking’ Attack Targeted Secret APIs, Exposing Opera Browser Users
Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim’s Opera browser t… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/crossbarking-attack-secret-apis-expose-opera-browser-users
-
Hackers Exploit DocuSign APIs for Phishing Campaign
Cybercriminals are exploiting DocuSign’s APIs to send highly authentic-looking fake invoices, while DocuSign’s forums have reported a rise in such fra… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/hackers-exploit-docusign-apis-for-phishing-campaign/
-
ChatGPT-4o can be used for autonomous voice-based scams
Researchers have shown that it’s possible to abuse OpenAI’s real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams wi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams/
-
Top Traceable API Security Alternative: Escape vs. Traceable
Tags: api. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/top-traceable-api-security-alternative-escape-vs-traceable/
-
Important API key stolen: New cyberattack hits Internet Archive
This time, emails were sent out en masse via one of the organization's systems. The attacker appears to be the same one who most recently stole user data… First seen on golem.de Jump to article: www.golem.de/news/wayback-machine-internet-archive-schon-wieder-attackiert-2410-190020.html
-
Private API compromise possible with now-patched Opera bug
Tags: api. First seen on scworld.com Jump to article: www.scworld.com/brief/private-api-compromise-possible-with-now-patched-opera-bug
-
Leading the Way in API Security: Which U.S. States Are Setting the Standard?
With just days to go before the U.S. election, securing our digital landscape is more critical than ever. Our latest infographic, Vote for API Securit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/leading-the-way-in-api-security-which-u-s-states-are-setting-the-standard/
-
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findi… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html
-
‘CrossBarking’ Attack Targets Secret APIs, Exposes Opera Browser Users
Using a malicious Chrome extension, researchers showed how an attacker could use a now-fixed bug to inject custom code into a victim’s Opera browser t… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/crossbarking-attack-secret-apis-expose-opera-browser-users
-
API Security Matters: The Risks of Turning a Blind Eye
Willfully ignoring important security issues to make our lives easier is, unfortunately, something that does happen in the security field. The post A… First seen on securityweek.com Jump to article: www.securityweek.com/api-security-matters-the-risks-of-turning-a-blind-eye/
-
Product showcase: Shift API security left with StackHawk
With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/30/product-showcase-stackhawk/
-
DEF CON 32 AppSec Village Gridlock The Dual Edged Sword of EV and Solar APIs in Grid Security
Authors/Presenters: Vangelis Stykas. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their timely DEF CON 32 erudite cont… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/def-con-32-appsec-village-gridlock-the-dual-edged-sword-of-ev-and-solar-apis-in-grid-security/
-
Securing APIs in Retail: Safeguarding Customer Data
The retail industry’s digital transformation has made secure APIs essential to modern operations since they are at the core of this shift. APIs power … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/securing-apis-in-retail-safeguarding-customer-data/
-
Survey Surfaces Fundamental Weaknesses in API Security
Traceable AI today published a global survey of 1,548 IT and cybersecurity professionals that finds well over half (57%) work for organizations that h… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/survey-surfaces-fundamental-weaknesses-in-api-security/

