Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web
Farcebok: Zuckerberg’s privacy pledge revealed as ineffectual
The post Meta’s Secret Spyware: ‘Local Mess’ Hack Tracks You Across the Web appeared first on Security Boulevard.
Boston, MA, Jun. 4, 2025 – The Healey-Driscoll administration and Massachusetts Technology Collaborative’s (MassTech) MassCyberCenter awarded $198,542 to four Massachusetts-based programs focused on preparing professionals for the cybersecurity workforce. MassTech provided the funds through the Alternative Cyber Career Education (ACE) …
The post News alert: $198K in Grants Awarded to Boost Cybersecurity Workforce in Massachusetts first appeared on The Last Watchdog.
The post News alert: $198K in Grants Awarded to Boost Cybersecurity Workforce in Massachusetts appeared first on Security Boulevard.
Engineering teams live in a paradox — under pressure to ship software faster than ever, yet every new open source component introduces hidden risk. Security backlogs pile up as developers scramble to fix vulnerabilities, balance new feature work, and try not to disrupt critical builds.
The post Automation you can trust: Cut backlogs without breaking builds appeared first on Security Boulevard.
Your business depends on APIs, which are essential for contemporary digital experiences, encompassing everything from mobile applications and IoT devices to the rapidly evolving AI landscape. With more than 80% of internet traffic now routed through APIs—a number projected to rise significantly due to AI developments—their security is crucial. Unfortunately, this vital infrastructure faces growing attacks, with these threats being a real and current danger to many.
The remarkable increase in such incidents serves as a wake-up call: a majority, 64% of organizations, have encountered an API attack or security breach in just the past year. This widespread threat landscape understandably generates considerable concern regarding the protection of sensitive data.
This worry is felt across various sectors, as 87% of organizations acknowledge their unease about data governance and/or data exposure issues resulting specifically from insecure APIs. A frequent oversight intensifies the issue: many organizations underestimate how many APIs they have, by a margin of 70-80%. This misjudgment leaves numerous APIs, including shadow or neglected ones, exposed, resulting in a large and often unseen attack surface that could lead to significant data breaches when compromised.
Let's look at some real-world examples of what's at stake:
While these are prominent examples, numerous other API-related security incidents highlight the growing threat landscape:
These incidents highlight a crucial truth: traditional security measures are frequently inadequate for tackling the distinct challenges associated with API security. Edge solutions, such as CDNs and WAAPs, may provide only basic inspection or rely on signature/schema-based defenses, while CNAPP/CSPM tools offer merely partial coverage of cloud environments. Neither approach effectively counters complex API business logic attacks or offers comprehensive visibility and governance across all APIs, which includes those on-premise or within encrypted traffic.
The issue is exacerbated by the ever-changing nature of APIs, with 75% undergoing updates weekly. This swift pace of change, combined with a common underestimation of the total number of APIs within an organization, creates an ideal environment for attackers.
It is evident that a proactive and committed strategy for API security has become a fundamental requirement, not a luxury. Organizations need to:
The threats are real, the stakes are high, and the time to act is now. Don't wait for a breach to expose your vulnerabilities. Secure your APIs to protect your data, your customers, and your business.
If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post Don’t Be a Statistic: Proactive API Security in the Age of AI appeared first on Security Boulevard.
Paid Java commercial support only pays off when there’s an incident, which is almost always sudden, unexpected, and expensive. Still, it only takes one time for you to wish you had paid commercial support for Java. Running with unsupported Java in production is risky. Let’s examine some of the hidden costs of operating Java without […]
The post 5 Reasons You Should Have Paid Commercial Support for Java appeared first on Azul | Better Java Performance, Superior Java Support.
The post 5 Reasons You Should Have Paid Commercial Support for Java appeared first on Security Boulevard.
You can read the details of Operation Spiderweb elsewhere. What interests me are the implications for future warfare:
If the Ukrainians could sneak drones so close to major air bases in a police state such as Russia, what is to prevent the Chinese from doing the same with U.S. air bases? Or the Pakistanis with Indian air bases? Or the North Koreans with South Korean air bases? Militaries that thought they had secured their air bases with electrified fences and guard posts will now have to reckon with the threat from the skies posed by cheap, ubiquitous drones that can be easily modified for military use. This will necessitate a massive investment in counter-drone systems. Money spent on conventional manned weapons systems increasingly looks to be as wasted as spending on the cavalry in the 1930s...
The post The Ramifications of Ukraine’s Drone Attack appeared first on Security Boulevard.
A recent Hacker News post looked at the reverse engineering of TikTok’s JavaScript virtual machine (VM). Many commenters assumed the VM was malicious, designed for invasive tracking or surveillance.
But based on the VM’s behavior and string patterns, a more plausible explanation is that it'
The post What TikTok’s virtual machine tells us about modern bot defenses appeared first on Security Boulevard.
Latest enhancements to OpenAI's Codex and Agents SDK, empowering developers with AI-driven coding solutions. Learn more today!
The post OpenAI Enhances Codex and Agents SDK for Improved AI Development appeared first on Security Boulevard.
Major Coinbase breach involving a significant customer data leak. Stay informed and protect your assets. Read more!
The post Coinbase Aware of Data Breach Since January, Report Reveals appeared first on Security Boulevard.
Power of Anthropic's Claude 4 models for coding and task management. Enhance productivity with cutting-edge AI solutions today!
The post Anthropic Unveils Claude 4 Family and New AI Models appeared first on Security Boulevard.
Beijing, China, 4th June 2025, CyberNewsWire
The post ThreatBook Selected in the First-ever Gartner® Magic Quadrant™ for Network Detection and Response (NDR) appeared first on Security Boulevard.
Prevent, detect, and respond to identity threats across all SaaS with Grip's ITDR 2.0 product.
The post Stay Ahead of Identity Threats with Grip ITDR 2.0 | Grip appeared first on Security Boulevard.
AI agents are no longer just experiments — they’re becoming embedded in the way modern enterprises operate. From processing transactions to coordinating logistics, agents are increasingly acting on behalf of people and systems. But here’s the catch: The infrastructure that governs their identity hasn’t caught up. AI agents don’t run in a neat, uniform environment....
The post The 6 identity problems blocking AI agent adoption in hybrid environments appeared first on Strata.io.
The post The 6 identity problems blocking AI agent adoption in hybrid environments appeared first on Security Boulevard.
Why is Adapting to Changes in NHIs Safety Crucial? One of the most important aspects often overlooked is the safety of Non-Human Identities (NHIs). As technology evolves, NHIs safety is also changing rapidly. It’s critical for organizations to keep pace with these developments to ensure robust security. But how can businesses adapt to this shifting? […]
The post Adapting to the Changing Landscape of NHIs Safety appeared first on Entro.
The post Adapting to the Changing Landscape of NHIs Safety appeared first on Security Boulevard.
Is Your Organization Grappling with Secrets Sprawl? If you’re a cybersecurity professional, you’ve likely dealt with secrets sprawl at some point. This phenomenon occurs within organizations when multiple systems, applications, and services harbor swarms of sensitive data, often in the form of machine identities. Such sprawl can pose a significant security risk, especially if the […]
The post Choosing the Right Strategy for Secrets Sprawl appeared first on Entro.
The post Choosing the Right Strategy for Secrets Sprawl appeared first on Security Boulevard.
What’s the Real Value of Your IAM Investment? For many organizations, Identity and Access Management (IAM) has been touted as the cornerstone of their cybersecurity strategy. But as a seasoned data management expert and cybersecurity specialist focusing on Non-Human Identities (NHIs) and Secrets Security Management, I’ve observed that a common dilemma for these enterprises is […]
The post Is Your Investment in IAM Justified? appeared first on Entro.
The post Is Your Investment in IAM Justified? appeared first on Security Boulevard.
Why Security Fundamentals Matter More Than Ever
Victoria’s Secret became the latest high-profile retailer to fall victim to a cyberattack, joining a growing list of brands reeling from data breaches....
The post Retail Under Siege appeared first on Security Boulevard.
Karpenter has emerged as a game-changer for Kubernetes cluster management, offering dynamic node provisioning and cost optimization. Originally created to change how Kubernetes clusters are scaled and managed, Karpenter was intended to provide a high-performance, flexible alternative to the Kubernetes Cluster Autoscaler. Over the past several years, however, it has evolved into a more comprehensive node lifecycle manager that’s native to Kubernetes. With the release of Karpenter 1.0, organizations can now leverage stable APIs and enhanced features to automate infrastructure scaling with greater precision.
The post Improving Cost Efficiency with Karpenter 1.0: An Upgrade Guide appeared first on Security Boulevard.
APIs power today’s digital economy, but their lightning-fast evolution and astronomical call volumes can leave security teams scrambling to keep up. How can you secure what you can’t yet see or quantify? Imperva’s Unlimited Discovery-Only capability for the Cloud WAF (CWAF) add-on delivers continuous, comprehensive visibility into your entire API landscape without requiring up-front commitment […]
The post Discover First, Defend Fully: The Essential First Step on Your API Security Journey appeared first on Blog.
The post Discover First, Defend Fully: The Essential First Step on Your API Security Journey appeared first on Security Boulevard.
One of the most requested features I hear from clients as a Splunk Managed Services Provider (MSSP) is to have a mechanism for managing the version of the Splunk Universal Forwarder across the environment from the Deployment Server. We could easily manage Splunk configurations for our clients via the Deployment Server, but any UF [...]
The post Upgrading Splunk Universal Forwarders from the Deployment Server appeared first on Hurricane Labs.
The post Upgrading Splunk Universal Forwarders from the Deployment Server appeared first on Security Boulevard.