ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected router models without needing any login credentials.

The Payment Card Industry Data Security Standard (PCI DSS) is the gold standard for protecting cardholder data. With the recent release of version 4.0, the focus on securing APIs has intensified. But what does this mean for your organization, and why shouldn't you take API security with a grain of salt (pun intended)?

On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS) with the publication of its new sets of protocols and security standards for v4.0. With the continued rise in cyber threats against financial services and institutions, PCI DSS v4.0 supersedes version 3.2.1 to tackle evolving threats and technologies, facilitating enhanced approaches to counteract emerging types of cyber attacks.

Vanta has helped auditors automate and simplify thousands of compliance audits, and we’re now making the process even easier. Today we’re excited to share that we’ve added new endpoints for auditor tools to the Vanta API, leading to a better collaboration experience for auditors and customers. ‍ With our new API endpoints, audit partners can integrate their tools with Vanta, allowing them to work in their preferred systems.

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents. As we have done in previous years, the State of API Security Report is assembled from survey responses and empirical data from Salt customers. This report includes the special addition of the “in the wild” API vulnerability research, much like last year’s report did, to give deeper insight into API concerns in real-world situations.

It’s an API talking to the API world we’re living in. As per Postman, 500 million new APIs are expected to be created by 2025. APIs are a lifesaver when it comes to automation or integration. But when it comes to the security of these APIs, things can get a little tricky. OWASP API Top 10 gives insights on top vulnerabilities exploited in APIs.

In today's digital landscape, organizations face constantly evolving threats, and modern applications are built on APIs, making robust API security a top priority. Salt Security, a trailblazer in AI-powered API security, is at the forefront of addressing this challenge with our innovative platform. The recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

For Star Trek fans, space may be the final frontier, but in security, discovering Application Programming Interfaces (APIs) could be the technology equivalent. In the iconic episode “The Trouble with Tribbles,” the legendary starship Enterprise discovers a space station that becomes overwhelmed by little fluffy, purring, rapidly reproducing creatures called “tribbles.” In a modern IT department, APIs can be viewed as the digital tribble overwhelming security teams.

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating of 9.8 (critical). VBEM is a web-based platform that allows administrators to oversee Veeam Backup and Replication installations through a web interface console.

APIs are crucial for modern digital businesses because they allow different software systems to communicate and exchange data seamlessly and they are foundational to how modern applications are built. However, they are also vulnerable to cyberattacks because they are widely used. To address this growing threat, organizations are increasingly turning to API protection solutions to protect their valuable data and ensure uninterrupted business operations.