89 matches found
CVE-2023-6866
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox 121...
Code injection
Beyond Vulnerabilities: Why API Abuse Is a Critical Challenge
...
CVE-2023-35180
The SolarWinds Access Rights Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows authenticated users to abuse the SolarWinds ARM API...
SolarWinds Access Rights Manager Code Issue Vulnerability
SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds, Inc. A code issue vulnerability exists in SolarWinds Access Rights Manager that stems from allowing authenticated users to abuse the SolarWinds ARM API...
Introducing Integrated API Abuse Prevention to Combat Bad Bots
In recent years there's been a rise in "API Abuse" attacks, which include detrimental automated behaviors such as malicious bots, account takeover (ATO), credential stuffing, application layer (L7) DDoS, data scraping, and more. For instance, in April 2021 malicious actors scraped the personal data o...
Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's...
Imperva and Kong Partner to Bring API Security to the Gateway for Enhanced API Management
Imperva is delighted to announce a new partnership with Kong Inc, provider of the leading cloud-native API platform, to offer best-in-class API Security to users of the Kong platform. Through the new partnership, Kong Enterprise customers can protect their business applications and data by...
RedditC2 - Abusing Reddit API To Host The C2 Traffic, Since Most Of The Blue-Team Members Use Reddit, It Might Be A Great Way To Make The Traffic Look Legit
Abusing Reddit API to host the C2 traffic, since most of the blue-team members use Reddit, it might be a great way to make the traffic look legit. Disclaimer: Use of this project is for Educational/Testing purposes only. Using it on unauthorised machines is strictly forbidden. If somebody is...
SUSE CVE-2016-1638
extensions/renderer/resources/platformapp.js in the Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly restrict use of Web APIs, which allows remote attackers to bypass intended access restrictions via a crafted platform app...
New T-Mobile Breach Affects 37 Million Accounts
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately ...
Learn from the T-Mobile API Breach to Improve Your API Security Program in 2023
A CISO’s job has never been more challenging. Engineering teams move fast, especially as organizations are accelerating their digital transformation efforts. The tech stack is exploding and varies greatly across the organization. And there is a surge of internal, external, and partner APIs. It’s...
CVE-2022-44016
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\"' value...
CVE-2022-44016
CVE-2022-44016 affects Simmeth Lieferantenmanager prior to 5.6. An attacker can download arbitrary files from the web server by abusing the API call /DS/LM_API/api/ConfigurationService/GetImages with an "ImagesPath":"C:\"" value. This allows local file disclosure and impacts confidentiality (high...
Can ChatGPT be used to attack your APIs? | API Security Newsletter
The winter solstice is fast approaching, along with the end-of-year holidays - before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API...
From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022
What are the biggest cybersecurity threats affecting online retailers today? The State of Security Within eCommerce in 2022 Report from Imperva is now available and answers that question. For this report, Imperva’s cybersecurity experts analyzed 12 months of data, collected from our global networ...
A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage
A "dangerous piece of functionality" has been discovered in Microsoft 365 suite that could be potentially abused by a malicious actor to mount attacks on cloud infrastructure and ransom files stored on SharePoint and OneDrive. The cloud ransomware attack makes it possible to launch file-encryptin...
What is API Abuse ❓ Prevention measures.
APIs are paramount for constructing a steadfast and constant communication bridge that empowers devices to pass-on desired information seamlessly. Hackers adopt many ways to exploit the APIs and corrupt the targeted device. This API exploitation is a potential threat to API security and needs...