Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2024

Introducing Postman Collection Support for API Security Testing

In today's digital landscape, Application Programming Interfaces (APIs) play an important role in driving innovation. They allow teams to integrate new applications with existing systems, reuse code and deliver software more efficiently. But, APIs are also prime targets for hackers due to their public availability and the large amounts of web data they transmit. API vulnerabilities can lead to unauthorized access, data breaches, and various other forms of attacks.

How to secure a REST API?

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.

CVE-2024-36680: SQL Injection Vulnerability in Facebook's PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking, and payment processing. Supporting multiple languages and currencies, it's ideal for small to medium businesses worldwide. Built by Promokit, the pkFacebook add-on integrates PrestaShop with Facebook, enabling product catalog sync, dynamic ads, and Facebook Shop creation.

CVE-2024-3080: ASUS warns Customers about the latest Authentication Bypass Vulnerability detected Across seven Router Models

ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven different variants of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected router models without needing any login credentials.

Don't Get Salted: Why API Inventory is Key to PCI DSS 4.0 Compliance (and How Salt Security Can Help You Achieve It)

The Payment Card Industry Data Security Standard (PCI DSS) is the gold standard for protecting cardholder data. With the recent release of version 4.0, the focus on securing APIs has intensified. But what does this mean for your organization, and why shouldn't you take API security with a grain of salt (pun intended)?

PCI DSS v4.0: What You Need to Know and What the End of v3.2.1 Means for the Future of Digital Payments

On March 31st, 2024, The Payments Card Industry Standards Security Council (PCI SSC) officially retired version 3.2.1 of the PCI Data Security Standard (PCI DSS) with the publication of its new sets of protocols and security standards for v4.0. With the continued rise in cyber threats against financial services and institutions, PCI DSS v4.0 supersedes version 3.2.1 to tackle evolving threats and technologies, facilitating enhanced approaches to counteract emerging types of cyber attacks.

Expanding the Vanta API to connect auditor tools

Vanta has helped auditors automate and simplify thousands of compliance audits, and we’re now making the process even easier. Today we’re excited to share that we’ve added new endpoints for auditor tools to the Vanta API, leading to a better collaboration experience for auditors and customers. ‍ With our new API endpoints, audit partners can integrate their tools with Vanta, allowing them to work in their preferred systems.

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security's 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents. As we have done in previous years, the State of API Security Report is assembled from survey responses and empirical data from Salt customers. This report includes the special addition of the “in the wild” API vulnerability research, much like last year’s report did, to give deeper insight into API concerns in real-world situations.

OWASP API Top 10 Explained with Real-World Examples

It’s an API talking to the API world we’re living in. As per Postman, 500 million new APIs are expected to be created by 2025. APIs are a lifesaver when it comes to automation or integration. But when it comes to the security of these APIs, things can get a little tricky. OWASP API Top 10 gives insights on top vulnerabilities exploited in APIs.

Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

In today's digital landscape, organizations face constantly evolving threats, and modern applications are built on APIs, making robust API security a top priority. Salt Security, a trailblazer in AI-powered API security, is at the forefront of addressing this challenge with our innovative platform. The recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Why API Discovery Is Critical to Security

For Star Trek fans, space may be the final frontier, but in security, discovering Application Programming Interfaces (APIs) could be the technology equivalent. In the iconic episode “The Trouble with Tribbles,” the legendary starship Enterprise discovers a space station that becomes overwhelmed by little fluffy, purring, rapidly reproducing creatures called “tribbles.” In a modern IT department, APIs can be viewed as the digital tribble overwhelming security teams.

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating of 9.8 (critical). VBEM is a web-based platform that allows administrators to oversee Veeam Backup and Replication installations through a web interface console.

A Salt Security Perspective on the 2024 Gartner Market Guide for API Protection

APIs are crucial for modern digital businesses because they allow different software systems to communicate and exchange data seamlessly and they are foundational to how modern applications are built. However, they are also vulnerable to cyberattacks because they are widely used. To address this growing threat, organizations are increasingly turning to API protection solutions to protect their valuable data and ensure uninterrupted business operations.

CVE-2024-24919: Check Point's Quantum Gateway comes under Attack as Hackers exploit Zero-Day Vulnerability

Check Point Cybersecurity has issued hotfixes to address a zero-day vulnerability in its VPNs that has been exploited to gain remote access to firewalls and potentially infiltrate corporate networks. On 27.04.2024 (Monday), the company initially alerted customers to an increase in attacks targeting VPN devices, offering guidance on how administrators can safeguard their systems.