20 Sep 2021

Payment API Vulnerabilities Exposed “Millions” of Users

According to new information uncovered by CloudSEK, millions of customers may have unknowingly exposed their personal and payment information after researchers discovered API security vulnerabilities that affect multiple different apps. CloudSEK found that of the 13,000 apps uploaded to its security search engine BeVigil for mobile applications, roughly 250 utilized

06 May 2021

Peloton’s Leaky API Spilled Riders’ Private Data

Due to a flaw in Peloton’s API, the personal data of its riders was exposed. The API leakage allegedly occurred after the company ignored a vulnerability disclosure from a penetration testing company. Although Peloton partially fixed the hole, they failed to fully secure the database. The news comes amid other

05 Apr 2021

Trustwave Uncovers Vulnerability in Popular Website CMS

Cybersecurity firm Trustwave has uncovered a vulnerability in the website CMS, Umbraco. The organization posted about the bug, which is a privilege escalation issue, on their website earlier this week. The flaw allows low-privileged users to elevate themselves to the status of admin and reap associated benefits and

12 Feb 2021

Mobile Health Apps Found to Expose Records of Millions of Users

A recent analysis of 30 popular mobile health applications has concluded that many expose the full patient records to millions of people due to API vulnerabilities. The research was conducted by Alissa Knight with Knight Ink, on behalf of mobile API protection firm Approov. The applications were still vulnerable to

04 Feb 2021

Concerns Over API Security Grow as Attacks Increase

Salt Security has released a report on API security that found 66% of organizations reported that they have slowed deploying an app into production because of API security concerns. This marks the second time in recent months that researchers are warning of application program interface threats to enterprise security. The

10 Jul 2020

NIST Aims to Tap Twitter API Data to Boost Public Emergency Response

The National Institute of Standards and Technology is reportedly aiming to tap into social media analytics to develop a more adequate public emergency response protocol. This strategic effort to advance research aims to enable public-safety entities to have the ability to use social media for emergency response. The NIST plans

04 Jun 2020

Critical flaw in IOS routers allows ‘complete system compromise’

Four critical flaws have been disclosed by Cisco, affecting router equipment operating on IOS XE and IOS software created by the company. The critical flaws are part of Cisco’s June 3 semi-annual advisory and were disclosed alongside 23 advisories describing 25 vulnerabilities in total. The most severe bug, CVE-2020-3227, is
