API security
Credential stuffing is just the tip of the iceberg
Credential stuffing attacks are taking up a lot of the oxygen in cybersecurity rooms these days. A steady blitz of large-scale cybersecurity breaches in recent years have …
Swap Detector: Open source tool for detecting API usage errors
GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Running ConnectWise Automate on-prem? Fix this high-risk API vulnerability
ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided …
Understanding cyber threats to APIs
This is the fourth of a series of articles that introduces and explains API security threats, challenges, and solutions for participants in software development, operations, …
Factors driving API growth in industry
This is third in a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in …
Application threats and security trends you need to know about
Applications are a gateway to valuable data, so it’s no wonder they are one of attackers’ preferred targets. And since modern applications aren’t a …
Growth of APIs for new services
This is the second of a series of articles that introduces and explains API security threats, challenges, and solutions for participants in software development, operations, …
Understanding the basics of API security
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in …
Most credential abuse attacks against the financial sector targeted APIs
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. …
Three API security risks in the wake of the Facebook breach
Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted …
State-sponsored actors may have abused Twitter API to de-anonymize users
A Twitter API that’s intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to …