Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


The Dell API Breach: It could have been prevented

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

How to Protect Your Business From API Data Leaks

Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be exploited by attackers to enable data leaks, including Broken User Authentication (BUA), Broken Object Level Authentication (BOLA), and Broken Function-Level Authentication (BFLA).

Discover 3 Key Benefits of Brivo's API Integrations!

Effortlessly streamline your security tasks, ensuring smooth operations and peace of mind! Tailor your security setup to fit your unique needs, unlocking endless possibilities! Elevate your facility's capabilities while prioritizing safety at every turn! Unlock the power of Brivo's API integrations today and revolutionize your security approach! #Brivo #SecurityIntegration #safetyfirst.

Embed API Security Into Regulatory Compliance: Six Examples to Watch

Why have forty-four percent of enterprises been fined by regulators due to API security incidents? Regulators are beginning to see what attackers already know: exposed or misconfigured APIs are prevalent, easy to compromise, and often unprotected. Every time a customer, partner, or vendor engages with your business digitally, there’s an API behind the scenes facilitating a rapid exchange of data, often sensitive.

Enabling GenAI with AI-infused API Security

GenAI has the promise to transform companies, and introduce a lot of security risk. One of the main benefits of GenAI relates to the modernization of apps. Most companies are going through some type of app modernization. They are responding to the market by delivering better and better experiences to their customers. This is largely done through the experience people have with their apps. This ranges from banking to healthcare to travel and everywhere in between.

Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award

We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat landscape, has garnered industry-wide recognition. This accolade reaffirms Wallarm's position at the forefront of cybersecurity innovation, empowering businesses with confidence and resilience.

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 (critical), the vulnerability represents a significant threat as it exposes numerous websites to potential attacks.

Noname Security Platform Updates: 3.30 Release

The latest Noname Security 3.30 update includes a new feature that allows for convenient tracking of attacker IP addresses, as well as improved options for triggering workflows to resolve attacks faster. Additionally, the process of installing Noname Remote Engine on local Kubernetes clusters has been simplified.

Introducing the Wallarm Q1 2024 API ThreatStats Report

As we have in previous editions of the ThreatStats report, we highlight the industry’s top API-related attacks and trends. New to this version, however, is a detailed analysis of API attacks targeting AI-based applications, representing a new and rapidly expanding threat vector. And while we encourage you to download the full report, here are some key observations about what you’ll find within. API threats to AI applications are clearly on the rise.