Dec 12, 2024Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, … [Read more...] about Credentials and API Keys Leaking Online
API
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
May 03, 2024NewsroomCloud Security / Threat Intelligence Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a … [Read more...] about Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Switching from the Java High Level Rest Client to the new Java API Client
I'm often seeing questions on discuss related to the Java API Client usage. For this, in 2019, I started a GitHub repository to provide some code examples that actually work and answer the questions asked by the community.Since then, the High Level Rest Client (HLRC) has been deprecated and the new Java API Client has been released.In order to keep answering questions, I needed … [Read more...] about Switching from the Java High Level Rest Client to the new Java API Client
API Security Trends 2023 – Have Organizations Improved their Security Posture?
Oct 03, 2023The Hacker NewsAPI Security / Data Security APIs, also known as application programming interfaces, serve as the backbone of modern software applications, enabling seamless communication and data exchange between different systems and platforms. They provide developers with an interface to interact with external services, allowing them to integrate various … [Read more...] about API Security Trends 2023 – Have Organizations Improved their Security Posture?
Mastering API Security: Understanding Your True Attack Surface
Jun 13, 2023The Hacker NewsAPI Security / Webinar Believe it or not, your attack surface is expanding faster than you realize. How? APIs, of course! More formally known as application programming interfaces, API calls are growing twice as fast as HTML traffic, making APIs an ideal candidate for new security solutions aimed at protecting customer data, according to … [Read more...] about Mastering API Security: Understanding Your True Attack Surface
6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged
Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an … [Read more...] about 6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged
Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This … [Read more...] about Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
How to Run Google SERP API Without Constantly Changing Proxy Servers
You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work well – for a little while. After several scrapes, Google's automated security system kicks in. Then it kicks you out. The … [Read more...] about How to Run Google SERP API Without Constantly Changing Proxy Servers
CrowdStrike Observes an Increase in IaaS API Key Theft
Companies are increasingly relying on cloud-based infrastructure, especially as more of their employees are working remotely — and may continue to do so. Public, private and hybrid clouds allow access to data and other assets, no matter where an employee is located — but they also create opportunities for cyberattackers to exploit. In recent months, the CrowdStrike® Services … [Read more...] about CrowdStrike Observes an Increase in IaaS API Key Theft
Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability
This blog post was authored by Eugenio Iavarone, Cisco PSIRT. On August 28th, 2019, Cisco published a Security Advisory titled “Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Vulnerability”, disclosing an internally found vulnerability which affects the Cisco REST API container for Cisco IOS XE. An exploit could be used to bypass authentication on … [Read more...] about Insights Regarding the Cisco REST API Container for IOS XE Software Authentication Bypass Vulnerability