Hackers have seized on the API revolution to drive a surge in attacks that exploit poorly coded applications, reports Akamai, in a warning echoed by other cybersecurity experts. The vector driving the most growth in API attacks is local file inclusion.
Snyk has executed its third round of layoffs since June 2022, axing 128 workers amid projections of challenging market conditions persisting into early 2024. The Boston-based application security vendor revealed Thursday plans to reduce its more than 1,200-person staff by an estimated 11%.
As field CTO, EMEA for Noname Security, Filip Verloy spends lots of time talking with customers and analysts about API security. Two common themes: Few organizations know the number and types of APIs in their enterprise, and fewer understand exactly how data is being exchanged among them.
Not only does VMRay detonate a multitude of file types, but URLs as well, so that phishing attempts are identified and can be prevented. The Automated user simulation (known as Auto UI), which is built-in to Web Analysis, ensures a comprehensive detonation, and results in detailed reports analyzing all aspects of a...
Hackers have used a modular toolkit called "AlienFox" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.
Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."
In the 21-month stretch from October 2020 to June 2022, a whopping 48 cybersecurity startups received 10-figure valuations as investors evaluated prospects on potential rather than performance. Now that the financial boom has gone bust, what happens to these unicorns from a different economic era?
In the latest weekly update, John Kindervag, creator of zero trust and senior vice president of cybersecurity strategy at ON2IT, joins ISMG editors to discuss the top zero trust storylines of the year, the impact of ChatGPT on the cybersecurity industry and how to tackle MFA bypass attacks.
The adoption of new technologies, multi-cloud architectures and multiple data storage sites has resulted in data residing in more places than ever before. That's why enterprises need a single pane of glass to know who's touching their data and why, says Imperva CEO Pam Murphy.
Threats from API and application vulnerabilities increased in 2022, but ransomware, human error and hygiene continue to pose the greatest threats to organizations, according to findings from CyberTheory's 2022 Performance Study. CyberTheory's Steve King shares how education can make a difference.
Banking Trojans, ransomware, fake finance apps programmed to steal data - the cybercriminal cartels have become more punitive in 2023, escalating destructive attacks on financial institutions. This is just one key finding of the annual Cyber Bank Heists report by Contrast Security's Tom Kellermann.
Cybercriminals found a way to circumvent OpenAI's prohibition on using its natural language artificial intelligence model for malicious purposes, say researchers who already spotted low-level hackers using the firm's ChatGPT chatbot for a machine-learning assist in creating malicious scripts.
APIs represent the best and worst of times - "massive amounts of business value, but massive amounts of unmitigated risk," says Richard Bird, CSO, Traceable AI. In the past year, misconfigured or error-prone APIs resulted in high-profile breaches at Twitter and T-Mobile. He sees more on the horizon.
U.S. federal authorities are establishing a new office to tackle supply chain security issues and help industry partners put federal guidance and policies into practice. Former GSA administrator Shon Lyublanovits says she is spearheading the launch of the new organization.
T-Mobile disclosed Thursday that hackers had access for approximately six weeks to an application programming interface that exposed customer data including names, birthdates and email addresses. No payment information or passwords were part of the breach, the company said.