Application security, Security
March 22, 2024
Via: Help Net Security
Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent […]
Application security, Security
March 11, 2024
Via: TechRadar
In today’s fast evolving digital space, the proliferation of application programming interfaces (APIs) has been nothing short of explosive. One forecast predicts there will be nearly 1.7 billion active APIs by 2030 which ushers in unparalleled opportunities for innovation and […]
Threats & Malware, Vulnerabilities
November 17, 2023
Via: Security Affairs
Fortinet is warning customers of a critical OS command injection vulnerability, tracked as CVE-2023-36553 (CVSS score 9.3), in FortiSIEM report server. A remote, unauthenticated attacker can exploit the flaw to execute commands by sending specially crafted API requests. “An improper […]
Application security, Security
October 10, 2023
Via: The Register
Start your patch engines – a new version of curl is due tomorrow that addresses a pair of flaws, one of which lead developer Daniel Stenberg describes as “probably the worst curl security flaw in a long time.” Curl 8.4.0 […]
Threats & Malware, Vulnerabilities
October 10, 2023
Via: Help Net Security
Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that the […]
August 31, 2023
Via: Dark Reading
Cybercriminals are mining the capabilities of an open source infostealer called “SapphireStealer,” developing a legion of variants that are helping to democratize the cybercrime landscape when it comes to carrying out data-theft attacks. Ever since a Russian-language hacker named Roman […]
Threats & Malware, Virus & Malware
August 24, 2023
Via: The Hacker News
The SmokeLoader malware is being used to deliver a new Wi-Fi scanning malware strain called Whiffy Recon on compromised Windows machines. “The new malware strain has only one operation. Every 60 seconds it triangulates the infected systems’ positions by scanning […]
Application security, Security
August 21, 2023
Via: The Hacker News
From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of […]
Threats & Malware, Vulnerabilities
August 16, 2023
Via: Help Net Security
A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into nearby memory locations, causing corruption or overwriting of such data. About CVE-2023-32560 CVE-2023-32560 could allow a threat actor to send a […]
Application security, Security
July 28, 2023
Via: The Hacker News
Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. […]
Threats & Malware, Vulnerabilities
July 7, 2023
Via: The Hacker News
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys […]
Threats & Malware, Vulnerabilities
June 14, 2023
Via: The Hacker News
A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers […]
Application security, Security
June 8, 2023
Via: The Hacker News
APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn’t come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data […]
May 30, 2023
Via: The Hacker News
Cybersecurity researchers are warning about CAPTCHA-breaking services that are being offered for sale to bypass systems designed to distinguish legitimate users from bot traffic. “Because cybercriminals are keen on breaking CAPTCHAs accurately, several services that are primarily geared toward this […]
May 16, 2023
Via: Dark Reading
Circle Security, a transformative cybersecurity platform purpose-built for threat prevention powered by a decentralized cryptographic architecture, is pleased to announce a joint integration with the ForgeRock Identity Platform. The pre-built on-premises integrated node will help businesses stay ahead of evolving […]
May 1, 2023
Via: The Hacker News
Google disclosed that its improved security features and app review processes helped it block 1.43 million bad apps from being published to the Play Store in 2022. In addition, the company said it banned 173,000 bad accounts and fended off […]
Application security, Security
April 21, 2023
Via: SecurityWeek
Following a beta launch in November 2022, GitHub has now made private vulnerability reporting generally available, providing security researchers with a direct channel to report security defects they identify in public repositories. To take advantage of the new capability, repository […]
Application security, Security
April 19, 2023
Via: The Hacker News
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. […]
Application security, Security
April 14, 2023
Via: Dark Reading
Developers interested in gauging the security of the open source components have an abundant number of choices, but still have to choose to use the information to audit the components used in their applications, experts say. On April 11, Google […]
Threats & Malware, Vulnerabilities
April 7, 2023
Via: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published eight Industrial Control Systems (ICS) advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is CVE-2022-3682 (CVSS score: 9.9), […]