Category: Application security

November 15, 2022

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest. Today, […]

November 14, 2022

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring […]

November 9, 2022

Secure APIs Better: Top 5 API Security Myths Demystified Myth 1: API Gateways, Existing IAM Tools, and WAFs are Enough to Secure API Reality: These aren’t enough to secure your APIs. They are layers in API security. They need to […]

November 1, 2022

Synack launched an API pentesting capability powered by its global community of elite security researchers. Organizations can now rely on the Synack platform for continuous pentesting coverage across “headless” API endpoints that lack a user interface and are increasingly exposed […]

October 27, 2022

Professional social network LinkedIn has announced plans to roll out a series of enhancements to its platform to protect its community from inauthentic, or even malicious, profiles and activity. Its objective is to help users make more informed decisions about […]

October 20, 2022

More than 9 in 10 financial sectors accept that open banking is vital to their organization. The demand for fast, hassle-free, and personalized banking and financial services among customers is driving the rapid adoption of open banking. However, nearly 50% […]

October 12, 2022

Last year, we wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, we discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with […]

October 7, 2022

Cequence Security released its first half 2022 report titled, “API Protection Report: Shadow APIs and API Abuse Explode.” Chief among the findings was approximately 5 billion (31%) malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow […]

October 6, 2022

Leading cybersecurity software provider Hornetsecurity has found an urgent need for greater backup for Microsoft Teams, with nearly half of users (45%) sending confidential and critical information frequently via the platform. Research commissioned by the company highlights the often-overlooked need […]

October 5, 2022

The use of application programming interfaces (APIs) has exploded as businesses deploy mobile apps, containers, serverless computing, microservices, and expand their cloud presence. Consequently, many APIs are developed and deployed very quickly, leading to the persistence of coding errors, with […]

September 28, 2022

It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks to the original design is extremely difficult, and it must be […]

September 27, 2022

WhatsApp only has three security advisories for 2022, with the first two released in January and February. The latest advisory, released this month, informs customers of two memory-related issues affecting the WhatsApp mobile applications. One of the flaws, tracked as […]

September 22, 2022

Noname Security announced the findings from its API security report, “The API Security Disconnect – API Security Trends in 2022”, which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced […]

September 19, 2022

The GifShell Attack Method Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several shoppingmode Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and […]

September 7, 2022

PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to the Signal secure messaging protocol to protect it from quantum attacks. The company is offering […]

September 6, 2022

In-app browsers can pose significant security risks to businesses, with their tendency to track data a primary concern. This was highlighted in recent research which examined how browsers within apps like Facebook, Instagram and TikTok can be a data privacy […]

August 31, 2022

A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a […]

August 26, 2022

Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the […]

August 23, 2022

Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct multiple malicious […]

August 18, 2022

A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been exploited by attackers to extract users’ personal data and device’s data, including […]