API Security

Hot Topics

Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader
The Role of Digital Adoption in Email Deliverability & Security
Demystifying SOC 2 Compliance for Startups: A Simple Guide
Happy Canada Labour Day! / Bonne Fête du Travail Canadienne!
Happy United States Labor Day 2024 / Feliz Fin de Semana del Día del Trabajo de Estados Unidos 2024 / Joyeux Fin de Semaine de la Fête du Travail aux États-Unis 2024

China Cyberwar Coming? Versa’s Vice: Volt Typhoon’s Target

Richi Jennings | August 28, 2024 | CenturyLink, china, china espionage, China-linked Hackers, China-nexus cyber attacks, China-nexus cyber espionage, CVE-2024-39717, Lumen, Lumen Technologies, Peoples Republic of China, SB Blogwatch, Versa Director, Versa Neworks, VersaMem, Volt Typhoon

Xi whiz: Versa Networks criticized for swerving the blame ...

Security Boulevard

pen testing, Salt Security, API, APIs, attacks, testing, PTaaS, API security, API, cloud, audits, testing, API security vulnerabilities testing BRc4 Akamai security pentesting ThreatX red team pentesting API APIs Penetration Testing

APIs, Web Applications Under Siege as Attack Surface Expands

Nathan Eddy | August 6, 2024 | api, AppSec, IT Security, shift left, web app

Attackers are increasingly targeting web applications and APIs, with a nearly 50% year-over-year growth in web attacks, driven by the increased adoption of these technologies, which significantly expanded organizational attack surfaces, according ...

Security Boulevard

Prisoner Swap: Huge Russian Hackers Freed — Seleznev and Klyushin

Richi Jennings | August 2, 2024 | cyber attacks russia, Putin, Roman Seleznev, Russia, russia hacker, russia-based, Russian hacker, Russian hackers, Russian hacking, SB Blogwatch, Vladimir Putin, Vladislav Klyushin

Pragmatic politics: Anger as Putin gets back two notorious cybercriminals ...

Security Boulevard

WTH? Google Auth Bug Lets Hackers Login as You

Richi Jennings | July 29, 2024 | G Suite, Google Apps, Google Apps for Work, Google Workspace, OAuth, oauth 2.0, oauth abuse, Oauth Application Abuse, SB Blogwatch, securing oauth

G Suite Sours: Domain owners flummoxed as strangers get Google for their domains ...

Security Boulevard

An open padlock on a PC keyboard, with the word “FAIL” superimposed

PKfail: 800+ Major PC Models have Insecure ‘Secure Boot’

Richi Jennings | July 26, 2024 | Binarly, BIOS, BIOS update, Certificate and Key Management, hardware supply chain, key management, Key Management Problem, PKfail, Private Key Management, SB Blogwatch, secure boot, UEFI, UEFI Failing, UEFI firmware, UEFI vulnerabilities, Unified Extensible Firmware Interface (UEFI)

Big BIOS bother: Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private ...

Security Boulevard

API Discovery – Common Topics We’re Asked About

Shreyans Mehta | July 25, 2024

This article is the first in a series of six covering key API security topics and provides some answers to common questions we often get when talking to potential customers. This series ...

Cequence Security

EFF Angry as Google Keeps 3rd-Party Cookies in Chrome

Regulatory capture by stealth? Google changes its mind about third-party tracking cookies—we’re stuck with them for the foreseeable ...

Security Boulevard

threat modeling, ICS, VPNs, APIs, risk, left-of-bang, threats, vulnerabilities, XDR, zero-trust, attack, XDR API Skyhawk Security modeling threat CosmicStrand insider threats Threat Modeling - Secure Coding - Cybersecurity - Security

API Transformation Cyber Risks and Survival Tactics

Steve Winterfeld | July 16, 2024 | API Abuse, APIs, risk, Vulnerabilities

As you think about how to ensure your APIs are within your risk tolerance, ensure that you have a sound understanding of your inventory and the data associated with them ...

Security Boulevard