Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
API security
Running ConnectWise Automate on-prem? Fix this high-risk API vulnerability
ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided …
Understanding cyber threats to APIs
This is the fourth of a series of articles that introduces and explains API security threats, challenges, and solutions for participants in software development, operations, …
Factors driving API growth in industry
This is third in a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in …
Application threats and security trends you need to know about
Applications are a gateway to valuable data, so it’s no wonder they are one of attackers’ preferred targets. And since modern applications aren’t a …
Growth of APIs for new services
This is the second of a series of articles that introduces and explains API security threats, challenges, and solutions for participants in software development, operations, …
Understanding the basics of API security
This is the first of a series of articles that introduces and explains application programming interfaces (API) security threats, challenges, and solutions for participants in …
Most credential abuse attacks against the financial sector targeted APIs
From May 2019 and continuing on until the end of the year, there was a dramatic shift by criminals who started targeting APIs, in an effort to bypass security controls. …
Three API security risks in the wake of the Facebook breach
Facebook recently pledged to improve its security following a lawsuit that resulted from a 2018 data breach. The breach, which was left open for more than 20 months, resulted …
State-sponsored actors may have abused Twitter API to de-anonymize users
A Twitter API that’s intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to …
Security pitfalls to avoid when programming using an API
OWASP’s API Security Project has released the first edition of its top 10 list of API security risks. The most common and perilous API security risks API abuse is an …
Transact with trust: Improving efficiencies and securing data with APIs
Developments in integration and APIs have provided businesses with huge benefits. Together, they provide businesses with newfound opportunity to unlock new revenue sources by …
