The API Security Crisis: Why Your Company Could Be Next

August 7, 2024 at 10:08AM API security is a critical concern as companies face evolving and increasingly dangerous threats. The rapid proliferation of poorly secured APIs makes organizations vulnerable to significant breaches. To address this, companies must catalog their APIs, adopt a zero-trust approach, and implement robust security measures, as well as prioritize ongoing monitoring …

Firms skip security reviews of major app updates about half the time

July 18, 2024 at 03:36AM According to a CrowdStrike report, only 54 percent of cyber security workers review major software updates. The process is time-consuming and costly, with an average annual expenditure of nearly $1.2 million for code reviews. Security managers face challenges such as misaligned tools and prioritizing issues. Strengthening application security is critical …

Email addresses of 15 million Trello users leaked on hacking forum

July 16, 2024 at 02:01PM A threat actor exposed 15 million Trello email addresses by exploiting an unsecured API, selling the data for $2.32. Atlassian, Trello’s owner, acknowledged the issue and secured the API. This method of exploiting unsecured APIs is increasingly utilized, posing significant privacy risks. It’s crucial for organizations to prioritize API security …

Akamai Completes Acquisition of API Security Company Noname

June 26, 2024 at 05:49PM Akamai Technologies, Inc. has completed the acquisition of API security company Noname Security for approximately $450 million. This acquisition is expected to enhance Akamai’s ability to meet the growing demand for API security and extend protection across all API traffic locations. Akamai also anticipates gaining greater scale with Noname’s additional …

In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up

June 21, 2024 at 09:21AM SecurityWeek’s cybersecurity news roundup offers a concise collection of notable stories, including cybercriminals demanding ransom from Snowflake customers, widespread API security issues, NSO Group targeting military and government officials, Google switching to Bugcrowd for bug bounty payments, and vulnerabilities affecting Microsoft and other platforms. CISA has also released new guidance, …

VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem

May 29, 2024 at 05:18PM VicOne and 42Crunch have teamed up to enhance API security for software-defined vehicles and the broader connected-vehicle ecosystem. The partnership aims to accelerate identification of threats at application runtime, improve dynamic risk assessment, and eliminate security blind spots. This collaboration brings together expertise in API security and automotive cybersecurity to …

Preparing Your Organization for Upcoming Cybersecurity Deadlines

May 22, 2024 at 10:04AM As the world becomes increasingly digitized, the rise in cyberattacks and data breaches necessitates urgent enhancement of cybersecurity measures. New mandates include SEC’s breach disclosure rules for smaller reporting companies by June 15, and federal agencies aiming to meet zero-trust goals by Sept. 30. An additional focus is requisite on …

“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit

May 21, 2024 at 03:01AM Cybersecurity researchers discovered a critical security flaw, CVE-2024-4323, in the popular logging and metrics utility Fluent Bit, impacting versions 2.0.7 through 3.0.3. The flaw allows for denial-of-service (DoS), information disclosure, or remote code execution by exploiting the API’s endpoints. Users are urged to update to version 3.0.4 to mitigate potential …

Shadow APIs: An Overlooked Cyber-Risk for Orgs

May 1, 2024 at 05:14PM Organizations focusing on API security must prioritize identifying and managing shadow APIs, as they pose significant risks if left unaddressed. Rupesh Chokshi from Akamai highlights the prevalence of these endpoints and emphasizes the need to either document or decommission them. He also outlines the broader challenges and attack vectors associated …

Traceable AI Raises $30 Million to Safeguard Cloud APIs

May 1, 2024 at 02:58PM San Francisco startup Traceable AI secured $30 million in venture capital from investors including Citi Ventures, IVP, Geodesic Capital, Sorenson Capital, and Unusual Ventures. The company focuses on API security and observability, with a flagship platform securing thousands of API endpoints and billions of API calls monthly. The investment will …