Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2024

graylog

Understanding Broken Function Level Authorization

May 28, 2024 By The Graylog Team In Graylog
Application Programming Interfaces (APIs) allow your applications to talk to one another, like an application-to-application iMessage or Signal. If you’ve ever texted a message to the wrong group chat, you’ve created a situation that mimics what broken function level authentication does between users and applications.
Read Post
wallarm

Vulnerabilities in BIG-IP Next Central Manager allows control of managed devices

May 24, 2024 By Wallarm In Wallarm
In May 2024, new vulnerabilities have been identified in BIG-IP Next Central Manager, raising considerable security concerns. This discovery follows closely on the heels of a critical vulnerability revealed in April within Palo Alto's firewalls with enabled GlobalProtect feature, which permitted unauthorized command execution. These recent findings underscore the persistent challenges in ensuring cybersecurity defenses and prompt updates for security solutions themselves.
Read Post
wallarm

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

May 20, 2024 By Wallarm In Wallarm
Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally identifiable information (PII) had been compromised in a data breach.
Read Post
salt security

The Dell API Breach: It could have been prevented

May 17, 2024 By Hadar Freehling In Salt Security
As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.
Read Post

How to Protect Your Business From API Data Leaks

May 16, 2024 By Panoptica In Panoptica
Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be exploited by attackers to enable data leaks, including Broken User Authentication (BUA), Broken Object Level Authentication (BOLA), and Broken Function-Level Authentication (BFLA).
View Video

Discover 3 Key Benefits of Brivo's API Integrations!

May 10, 2024 By Brivo In Brivo
Effortlessly streamline your security tasks, ensuring smooth operations and peace of mind! Tailor your security setup to fit your unique needs, unlocking endless possibilities! Elevate your facility's capabilities while prioritizing safety at every turn! Unlock the power of Brivo's API integrations today and revolutionize your security approach! #Brivo #SecurityIntegration #safetyfirst.
View Video
salt security

Enabling GenAI with AI-infused API Security

May 7, 2024 By Michael Callahan In Salt Security
GenAI has the promise to transform companies, and introduce a lot of security risk. One of the main benefits of GenAI relates to the modernization of apps. Most companies are going through some type of app modernization. They are responding to the market by delivering better and better experiences to their customers. This is largely done through the experience people have with their apps. This ranges from banking to healthcare to travel and everywhere in between.
Read Post
wallarm

Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award

May 7, 2024 By Wallarm In Wallarm
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat landscape, has garnered industry-wide recognition. This accolade reaffirms Wallarm's position at the forefront of cybersecurity innovation, empowering businesses with confidence and resilience.
Read Post
wallarm

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

May 6, 2024 By Wallarm In Wallarm
A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 (critical), the vulnerability represents a significant threat as it exposes numerous websites to potential attacks.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.