On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

Sitting at your desk, coding away with another cup of your favorite caffeine-infused beverage, you might be thinking to yourself, “it’s true what they say about no rest for the weary.” If you’re developing an app or architecting a cloud-native system, you can actually get the REST you need with the right Application Programming Interface (API). REST APIs provide a scalable, flexible, easy-to-use interface that makes developing and connecting web apps easier.

We’re entering a new season of fall, but here at Salt, it seems like it’s always awards season! We continue to receive accolades for the Salt Security API Protection Platform – all year round! This time we have been honored with the “Best API Security” award in the 2023 API Awards.

It’s been just about a year since we first announced our partnership with CrowdStrike. We are delighted to share today that we’ve further strengthened that partnership with the new “better-together” story of Salt and the CrowdStrike Falcon® platform.

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework (CSF). It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to v2.0, and how it applies to API security. Raj and Tim really dug deep into a lot of issues, and answered a lot of questions from the audience.

Welcome to the 9th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API8:2023 Security Misconfiguration. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.