A recent attack on an undisclosed Spanish aerospace company all started with messages to the company's employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, particularly a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage.
Nuance Communications is a Microsoft-owned software solutions provider employing more than 6,500 people. Nuance controls industry-defining AI, which professionals may use to fully automate tasks, such as entering and manipulating medical records. Many of Nuance’s clients are hospitals, clinics, and health centers in the southeast of the US; those who have received medical services in these areas are now at risk following the most recent MOVEit data breach.
Welcome to the 11th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API10:2023 Unsafe Consumption of APIs. In this series we are taking an in-depth look at each category – the details, the impact and what you can do about it.