Tag: api
-
Data and user tracking at Telekom via API
Tags: api
An ugly story: Deutsche Telekom seems to have somewhat lost track of its APIs. Lilith Wittmann has put a website online… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/14/daten-und-benutzertracking-bei-telekom-per-api/
-
USENIX Security ’23 NAUTILUS: Automated RESTful API Vulnerability Detection
Authors/Presenters: Gelei Deng, Zhiyi Zhang, Yuekang Li, Yi Liu, Tianwei Zhang, Yang Liu, Guo Yu, Dongjin Wang Many thanks to USENIX for publishing thei… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-nautilus-automated-restful-api-vulnerability-detection/
-
Lessons Learned From Exposing Unusual XSS Vulnerabilities
Misunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best prac… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/lessons-learned-from-exposing-unusual-xss-vulnerabilities/
-
Finding hidden API parameters
Tags: api
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/finding-hidden-api-parameters/
-
Cloudy with a Chance of Cyberattack: Understanding LOTC Attacks and How ZTNA Can Prevent Them
With Living Off the Cloud (LOTC) attacks, hackers abuse APIs of trusted cloud services to remotely control botnets but also to make malicious traffic … First seen on securityweek.com Jump to article: www.securityweek.com/cloudy-with-a-chance-of-cyberattack-understanding-lotc-attacks-and-how-ztna-can-prevent-them/
-
Authy: Hackers harvest millions of phone numbers via an unsecured API
After criminals leaked a CSV file containing the phone numbers of allegedly 33 million Authy users, the threats now include, among other things, SMS phishing attacks… First seen on heise.de Jump to article: www.heise.de/news/MFA-App-Authy-Unzaehlige-Telefonnummern-ueber-ungesicherte-API-abgegriffen-9789229.html
-
AI handheld: Tinkerers discover critical API keys in the Rabbit R1's code
With the API keys, attackers can allegedly access past responses from all R1 devices, manipulate new responses, and all of the AI handhelds … First seen on golem.de Jump to article: www.golem.de/news/ki-handheld-bastler-entdecken-kritische-api-keys-im-code-des-rabbit-r1-2406-186492.html
-
Join Cequence Security at Black Hat 2024: Protect What Connects You
Tags: api
Protect What Connects with Cequence Application and API Security Solutions at Black Hat 2024 We are thrilled to announce that Cequence Security will b… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/join-cequence-security-at-black-hat-2024-protect-what-connects-you/
-
Security vulnerability: Unprotected API exposes sensitive data of German prison inmates
Because of the vulnerability, anyone could see which inmate had phoned their lawyer or therapist, and when. Affected… First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-ungeschuetzte-api-liefert-sensible-daten-deutscher-haeftlinge-2406-186483.html
-
Hackers abused API to verify millions of Authy MFA phone numbers
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
-
Organizations use outdated approaches to secure APIs
Security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications, the technology that underpins all… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/04/modern-applications-risks/
-
Hackers Abused Twilio API To Verify Phone Numbers used For MFA
An unauthenticated endpoint vulnerability allowed threat actors to identify phone numbers associated with Authy accounts, which was identified, and th… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploit-twilio-api-mfa/
-
Why API Discovery is Important for Financial Companies
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/why-api-discovery-is-important-for-financial-companies/
-
Twilio’s Authy Breach: The Attack via an Unsecured API Endpoint
A recap of Twilio’s Authy app breach, which exposed 33 million phone numbers. Including the impacts, lessons learnt and recommendations to enhance you… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/twilios-authy-breach-the-attack-via-an-unsecured-api-endpoint/
-
Understanding API Key Verification
Tags: api
As organizations look to improve their API security, two distinct approaches to API key verification have emerged, centralized and decentralized verif… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/understanding-api-key-verification/
-
Breach Debrief Series: Twilio’s Authy Breach is a MFA Wakeup Call
Inside the Hack: Earlier this week, Twilio issued a security alert informing customers that hackers had exploited a security lapse in the Authy API to … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/breach-debrief-series-twilios-authy-breach-is-a-mfa-wakeup-call/
-
MFA app Authy: Countless phone numbers harvested via unsecured API
After criminals leaked a CSV file containing the phone numbers of allegedly 33 million Authy users, the threats now include, among other things, SMS phishing attacks… First seen on heise.de Jump to article: www.heise.de/news/MFA-App-Authy-Unzaehlige-Telefonnummern-ueber-ungesicherte-API-abgegriffen-9789229.html
-
Weaponizing API discovery metadata
Tags: api
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/weaponizing-api-discovery-metadata/
-
An Analysis of Kuppinger Cole’s Selection Criteria for API Management and Security
Tags: api
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/an-analysis-of-kuppinger-coles-selection-criteria-for-api-management-and-security/
-
Security vulnerability in prison telephone system exposes sensitive data
Security researcher Lilith Wittmann has made public a serious security vulnerability in the API of a prison telephone system. Via the API, it was possible… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/06/27/sicherheitslcke-in-gefngnis-telefonanlage-legt-sensible-daten-offen/
-
What is Crowdsourced Penetration Testing: Benefits, Risks, Comparisons
Organisations of all sizes rely heavily on new technology such as cloud, mobile, web applications, and APIs, making them prime targets for cyberattack… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/what-is-crowdsourced-penetration-testing-benefitsriskscomparisons/
-
New Malware Targets Exposed Docker APIs for Cryptocurrency Mining
Cybersecurity researchers have uncovered a new malware campaign that targets publicly exposed Docker API endpoints with the aim of delivering cryptocu… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/new-malware-targets-exposed-docker-apis.html
-
6 Tips for Preventing DDoS Attacks Using Rate Limits
Rate limiting is a well-known technique for limiting network traffic to web servers, APIs, or other online services. It is also one of the methods ava… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/6-tips-for-preventing-ddos-attacks-using-rate-limits/
-
Salt Security Survey Reveals 95% of Respondents Experienced API Security Problems in Past Year
Tags: api
API security professionals at Salt Security have revealed the findings of their latest Salt Labs State of API Security Report, 2024. The research, whi… First seen on itsecurityguru.org Jump to article: www.itsecurityguru.org/2024/06/18/salt-security-survey-reveals-95-of-respondents-experienced-api-security-problems-in-past-year
-
Developer errors lead to long-term exposure of sensitive data in Git repos
Credentials, API tokens, and passkeys, collectively referred to as secrets, from organizations around the globe were exposed for years, according to Aqu… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/06/26/git-exposed-secrets/
-
Coding Error In Forgotten API Blamed For Massive Data Breach
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36018/Coding-Error-In-Forgotten-API-Blamed-For-Massive-Data-Breach.html
-
How to build a Copilot for Security API Plugin Part 1
Tags: api
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/how-to-build-a-copilot-for-security-api-plugin-part-1/
-
Chrome for Android tests feature that securely verifies your ID with sites
Google is testing a new feature called Digital Credential API for Chrome on Android that will allow websites to request identity information from mobi… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites/
-
FireTail Unveils Free Access for All to Cutting-Edge API Security Platform
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/firetail-unveils-free-access-for-all-to-cutting-edge-api-security-platform/

