
Category: Application security


Application security, Security

Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data

November 15, 2022

Via: Dark Reading

Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to enable organizations to fully see and store API data, removing the possibility of keeping sensitive data at-rest. Today, […]


Application security, Security

How Cisco keeps its APIs secure throughout the software development process

November 14, 2022

Via: CSO Online

Software developers know not to reinvent the wheel. So, they lean on reusable micro-services – and their corresponding application programming interfaces (APIs) – as building blocks for application components. “Developers want to focus on the added value they can bring […]


Application security, Security

Top 5 API Security Myths That Are Crushing Your Business

November 9, 2022

Via: The Hacker News

Secure APIs Better: Top 5 API Security Myths Demystified. Myth 1: API Gateways, Existing IAM Tools, and WAFs are Enough to Secure API. Reality: These aren’t enough to secure your APIs. They are layers in API security. They need to […]


Application security, Security

Synack’s API pentesting capability empowers users to verify exploitable API vulnerabilities

November 1, 2022

Via: Help Net Security

Synack launched an API pentesting capability powered by its global community of elite security researchers. Organizations can now rely on the Synack platform for continuous pentesting coverage across “headless” API endpoints that lack a user interface and are increasingly exposed […]


Application security, Security

LinkedIn adds new features to safeguard user privacy, security

October 27, 2022

Via: Computer Weekly

Professional social network LinkedIn has announced plans to roll out a series of enhancements to its platform to protect its community from inauthentic, or even malicious, profiles and activity. Its objective is to help users make more informed decisions about […]


Application security, Security

Open banking API security: Best practices to ensure a safe journey

October 20, 2022

Via: Help Net Security

More than 9 in 10 financial sectors accept that open banking is vital to their organization. The demand for fast, hassle-free, and personalized banking and financial services among customers is driving the rapid adoption of open banking. However, nearly 50% […]


Application security, Security

Malicious WhatsApp mod distributed through legitimate apps

October 12, 2022

Via: Securelist

Last year, we wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, we discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with […]


Application security, Security

Shadow APIs hit with 5 billion malicious requests

October 7, 2022

Via: Help Net Security

Cequence Security released its first half 2022 report titled, “API Protection Report: Shadow APIs and API Abuse Explode.” Chief among the findings was approximately 5 billion (31%) malicious transactions targeted unknown, unmanaged and unprotected APIs, commonly referred to as shadow […]


Application security, Security

Research Reveals Microsoft Teams Security and Backup Flaws, With Over Half of Users Sharing Business-Critical Information on the Platform

October 6, 2022

Via: Dark Reading

Leading cybersecurity software provider Hornetsecurity has found an urgent need for greater backup for Microsoft Teams, with nearly half of users (45%) sending confidential and critical information frequently via the platform. Research commissioned by the company highlights the often-overlooked need […]


Application security, Security

API authentication failures demonstrate the need for zero trust

October 5, 2022

Via: Help Net Security

The use of application programming interfaces (APIs) has exploded as businesses deploy mobile apps, containers, serverless computing, microservices, and expand their cloud presence. Consequently, many APIs are developed and deployed very quickly, leading to the persistence of coding errors, with […]


Application security, Security

The holy trifecta for developing a secure API

September 28, 2022

Via: Help Net Security

It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes. Writing an API that sticks to the original design is extremely difficult, and it must be […]


Application security, Security, Threats & Malware, Vulnerabilities

Two Remote Code Execution Vulnerabilities Patched in WhatsApp

September 27, 2022

Via: Security Week

WhatsApp only has three security advisories for 2022, with the first two released in January and February. The latest advisory, released this month, informs customers of two memory-related issues affecting the WhatsApp mobile applications. One of the flaws, tracked as […]


Application security, Security

What could be the cause of growing API security incidents?

September 22, 2022

Via: Help Net Security

Noname Security announced the findings from its API security report, “The API Security Disconnect – API Security Trends in 2022”, which revealed a rapidly growing number of API security incidents, concerning lack of API visibility, and a level of misplaced […]


Application security, Security

Microsoft Teams’ GIFShell Attack: What Is It and How You Can Protect Yourself from It

September 19, 2022

Via: The Hacker News

The GifShell Attack Method: Discovered by Bobby Rauch, the GIFShell attack technique enables bad actors to exploit several Microsoft Teams features to act as a C&C for malware, and exfiltrate data using GIFs without being detected by EDR and […]


Application security, Security

Researchers publish post-quantum upgrade to the Signal protocol

September 7, 2022

Via: Help Net Security

PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to the Signal secure messaging protocol to protect it from quantum attacks. The company is offering […]


Application security, Security

In-app browser security risks, and what to do about them

September 6, 2022

Via: CSO Online

In-app browsers can pose significant security risks to businesses, with their tendency to track data a primary concern. This was highlighted in recent research which examined how browsers within apps like Facebook, Instagram and TikTok can be a data privacy […]


Application security, Security

TikTok for Android Bug Allows Single-Click Account Hijack

August 31, 2022

Via: Dark Reading

A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a […]


Application security, Security

How fast is the financial industry fixing its software security flaws?

August 26, 2022

Via: Help Net Security

Veracode released data revealing that the financial services industry ranks among the best for overall flaw percentage when compared to other industries, but has one of the lowest fix rates for software security flaws. The sector also falls to the […]


Application security, Security

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

August 23, 2022

Via: Security Affairs

Researchers from Doctor Web discovered backdoors in the system partition of budget Android device models that are counterfeit versions of famous brand-name models. The malware targets WhatsApp and WhatsApp Business messaging apps and can allow attackers to conduct multiple malicious […]


Application security, Security

Vulnerability in Amazon Ring app allowed access to private camera recordings

August 18, 2022

Via: Help Net Security

A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor (video doorbell) and indoor surveillance cameras, could have been exploited by attackers to extract users’ personal data and device’s data, including […]