Protecting the digital workplace with an integrated security strategy
COVID-19 propelled the world of IT years into the future. Organizations considering long-term digital transformation plans were abruptly forced to accelerate their timeline, …
API security
C-level executives driving the adoption of MACH across their organizations
Out with the old, in with MACH. That’s what a poll of global IT leaders found regarding their plans to revamp, or retain, their enterprise architectures. The research, …
mHealth apps consistently expose PII and PHI through APIs
All of the 30 popular mHealth apps that were tested are vulnerable to API attacks that can allow unauthorized access to full patient records including protected health …
API security concerns hindering new application rollouts
66% of organizations admit to having slowed the rollout of a new application into production because of API security concerns, a Salt Security report reveals. In addition, 54% …
Organizations struggle to maintain application security across platforms
Global organizations are struggling to maintain consistent application security across multiple platforms, and they are also losing visibility with the emergence of new …
40% of COVID-19 contact tracing apps lack basic protections
Guardsquare announced the release of a report which reassesses the levels of security protections and privacy risks of COVID-19 contact tracing apps. The report found that of …
Three immediate steps to take to protect your APIs from security risks
In one form or another, APIs have been around for years, bringing the benefits of ease of use, efficiency and flexibility to the developer community. The advantage of using …
Credential stuffing is just the tip of the iceberg
Credential stuffing attacks are taking up a lot of the oxygen in cybersecurity rooms these days. A steady blitz of large-scale cybersecurity breaches in recent years have …
Swap Detector: Open source tool for detecting API usage errors
GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Running ConnectWise Automate on-prem? Fix this high-risk API vulnerability
ConnectWise has fixed a high-severity vulnerability affecting a ConnectWise Automate API and is urging users who run the solution on their premises to implement the provided …
Understanding cyber threats to APIs
This is the fourth of a series of articles that introduces and explains API security threats, challenges, and solutions for participants in software development, operations, …