Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally identifiable information (PII) had been compromised in a data breach.

Why Insurers Need Visibility Into API Risks

Why is API security crucial for insurance companies? Consider what happens when disaster strikes, from an unfortunate car accident to damaged business equipment. Policyholders rely on mobile apps and online portals that collect information, open claims, and process them through automated workflows. Behind the scenes, an insurer’s APIs handle what amounts to a policyholder’s life story told in the form of data. These APIs exchange: This proximity to data is what makes APIs a significant risk.

The Dell API Breach: It could have been prevented

As you may have seen in the news, a hacker stole 49 million customer records from Dell. The attack wasn’t novel or sophisticated. Instead, the attacker used a business logic flaw and an API to scrape 49 million records from Dell. How did they do it? Here is the attack flow. The attacker registered for an account within the Dell ecosystem to be a reseller/partner. They weren’t going to be. But Dell didn’t perform any checks, and within 48 hours, the attacker had a valid account.

How to Protect Your Business From API Data Leaks

Application Programming Interfaces (APIs) are rapidly becoming the primary attack vector for cloud native applications. In fact, according to one study, 92% of organizations have already experienced a security incident resulting from insecure APIs. This is because loosely coupled microservices predominantly intercommunicate via APIs. In this video, we will analyze a ‘ripped from the headlines’ case-study example of data leakage via insecure APIs. Then we will examine various API vulnerabilities that can be exploited by attackers to enable data leaks, including Broken User Authentication (BUA), Broken Object Level Authentication (BOLA), and Broken Function-Level Authentication (BFLA).

Discover 3 Key Benefits of Brivo's API Integrations!

Effortlessly streamline your security tasks, ensuring smooth operations and peace of mind! Tailor your security setup to fit your unique needs, unlocking endless possibilities! Elevate your facility's capabilities while prioritizing safety at every turn! Unlock the power of Brivo's API integrations today and revolutionize your security approach! #Brivo #SecurityIntegration #safetyfirst.

Embed API Security Into Regulatory Compliance: Six Examples to Watch

Why have forty-four percent of enterprises been fined by regulators due to API security incidents? Regulators are beginning to see what attackers already know: exposed or misconfigured APIs are prevalent, easy to compromise, and often unprotected. Every time a customer, partner, or vendor engages with your business digitally, there’s an API behind the scenes facilitating a rapid exchange of data, often sensitive.

Enabling GenAI with AI-infused API Security

GenAI has the promise to transform companies, and introduce a lot of security risk. One of the main benefits of GenAI relates to the modernization of apps. Most companies are going through some type of app modernization. They are responding to the market by delivering better and better experiences to their customers. This is largely done through the experience people have with their apps. This ranges from banking to healthcare to travel and everywhere in between.

Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award

We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat landscape, has garnered industry-wide recognition. This accolade reaffirms Wallarm's position at the forefront of cybersecurity innovation, empowering businesses with confidence and resilience.

Tracking CVE-2024-2876: Why does the latest WordPress exploit compromise over 90,000 websites?

A highly concerning security loophole was recently discovered in a WordPress plugin called "Email Subscribers by Icegram Express," a popular tool utilized by a vast network of over 90,000+ websites. Officially designated as CVE-2024-2876 with a CVSS score of 9.8 (critical), the vulnerability represents a significant threat as it exposes numerous websites to potential attacks.