Aggregator
[Tip] Open-source intelligence (OSINT): Socket Theory, or how intelligence analysts can better hide themselves
Security is Actually a Data Search Problem: How We Win by Treating it Like One
The reality is stark: Cybersecurity isn’t an endpoint problem or a reactive defense game—it’s a data search problem.
The post Security is Actually a Data Search Problem: How We Win by Treating it Like One appeared first on Security Boulevard.
CVE-2015-7984 | Horde Groupware up to 5.2.10 admin/cmdshell.php cross-site request forgery (EDB-38765 / Nessus ID 86713)
73% of UK Education Sector Hit by Cyber-Attacks in Past Five Years
Akira
CVE-2024-27133 | mlflow up to 2.9.2 Jupyter Notebook cross site scripting
Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
CVE-1999-1539 | QPC Software QVT Term Plus 4.3 Username/Password memory corruption (EDB-19619 / XFDB-3491)
CVE-2005-1184 | Microsoft Windows 2000 TCP/IP Stack denial of service (EDB-25439 / XFDB-40502)
Strengthening Network Security with Integrated Analytics
CVE-2024-57937 | Linux Kernel up to 6.12.8 mm missing initialization
400 attacks in two months: NFCGate is emptying the accounts of Russians
CVE-2017-7690 | Proxifier for Mac up to 2.19.1 KLoader Binary access control (EDB-43225)
Trump Frees Silk Road Founder From Life in Federal Prison
On his second day in office, U.S. President Donald Trump pardoned Ross Ulbricht, founder of Silk Road, an online marketplace tied to over $200 million in illegal bitcoin transactions. Ulbricht has been in federal prison since 2015, sentenced to life with no possibility of parole.
Is That Really ProtonMail? New Credential Harvesting Threats Targeting Cloud Apps
Imagine sipping your morning coffee, scrolling through your inbox, when a seemingly innocent ProtonMail message catches your eye. But this isn’t your typical email—it’s a credential-harvesting attempt targeting specific cloud services. Today, cybercriminals are not just focusing on well-known platforms like DocuSign and Microsoft. They’re expanding their reach, exploiting a variety of cloud apps such […]
The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting Cloud Apps first appeared on SlashNext.
The post Is That Really ProtonMail? New Credential Harvesting Threats Targeting Cloud Apps appeared first on Security Boulevard.
Lookout Mobile Intelligence APIs identifies cross-platform attacks
Lookout announced its new Lookout Mobile Intelligence Application Programming Interfaces (APIs), exponentially expanding the scope of visibility into enterprise mobile security data. Lookout Mobile Intelligence APIs integrate critical security data from mobile devices into the solutions security teams already use, such as SIEM, SOAR, and XDR. This enables security teams to identify cross-platform attacks, risky trends or abnormalities, and potential risks. Mobile devices have become the cornerstone of modern organizations, allowing employees …
The post Lookout Mobile Intelligence APIs identifies cross-platform attacks appeared first on Help Net Security.
The Quiet Rise of the ‘API Tsunami’
As enterprises increasingly adopt cloud-native architectures, microservices, and third-party integrations, the number of Application Programming Interfaces (APIs) has surged, creating an “API tsunami” in an organization's infrastructure that threatens to overwhelm traditional management practices. As digital services proliferate, so does the development of APIs, which allow various applications to communicate or integrate with each other and share information. This rapid growth, often referred to as API sprawl, complicates security and management efforts as traditional security tooling is not equipped to deal with the specific challenges of API attacks. Therefore, the attack surface widens, making it harder for organizations to monitor and secure each endpoint.
The Growing Challenge of API Sprawl
API sprawl brings several unique challenges that traditional security tools and practices are ill-equipped to handle. These include:
1. The Invisible Threat of API Proliferation Leads to an Expanded Attack Surface
Each new API endpoint increases an organization’s attack surface, as every API represents a potential entry point for attackers. The larger and more decentralized an API ecosystem, the harder it becomes for security teams to enforce consistent security policies and monitor for vulnerabilities across all endpoints.
For example, research from Salt Security in 2024 found that over 63% of organizations experienced security incidents due to unmonitored or inadequately secured APIs, often those created by different teams across multiple cloud environments. With hundreds or thousands of active APIs, each endpoint becomes a blind spot in the network, and attackers actively seek out these less visible targets.
Action: Implement centralized API management solutions that integrate with all deployed APIs across the enterprise. Centralized platforms offer better visibility and control, allowing security teams to enforce security policies uniformly, monitor all endpoints for vulnerabilities, and streamline incident response.
2. Inconsistent Security Standards and Fragmented API Management
API sprawl leads to inconsistent security practices, as different teams - often working with different standards - create and manage their own APIs. These inconsistencies can lead to security misconfigurations, varying levels of access control, and inconsistently applied encryption protocols, creating weaknesses that attackers can exploit.
Salt Security's report also shows that some institutions prioritize API security only selectively, leading to gaps where older APIs or less protected endpoints might use basic authentication or API keys instead of robust multi-factor authentication. This inconsistency can expose sensitive information, particularly in financial institutions where APIs often process personal and transactional data. Moreover, attacks against APIs have been on the rise within the financial services sector, prompting a significant portion of the industry to elevate API security to a critical business priority in response.
Action: Establish a centralized API security policy that mandates uniform security practices for all APIs, including requirements for encryption, authentication, and access control. Additionally, adopt API gateways that can enforce these policies automatically, ensuring consistency across environments, whether on-premises or cloud-based.
3. Maintaining Regulatory Standards Across APIs Becomes a Compliance and Data Privacy Challenge
Compliance with regulations like GDPR, CCPA, and HIPAA becomes increasingly challenging in an API-sprawled environment, because data privacy laws require organizations to secure sensitive information and maintain audit trails. When APIs proliferate, it’s hard to track where data is stored, processed, and transmitted. Many organizations lack visibility into the data flows of all their APIs, especially shadow or undocumented APIs, which can create potential compliance violations.
The more popular digital healthcare services and mobile apps become, the bigger the risk to personal health information (PHI). For example, earlier this year, fertility tracker app Glow experienced a massive data leak affecting 25 million users due to a leaky developer API. This incident highlights the risk of compliance violations in environments with uncontrolled API growth - particularly as countries like the UK seek to centralize healthcare management, proposing that medical records, health letters and test results will all be available through the NHS app.
Action: Implement continuous API discovery and cataloging tools to maintain an accurate, up-to-date inventory of all APIs in use. These tools should provide visibility into data flows and facilitate compliance audits by tracking data transmission, storage, and access. Regularly audit APIs to ensure each complies with relevant regulatory requirements, and use automated tools to detect and remediate gaps in compliance.
4. The Strain of Managing API Sprawl and Operational Complexity
It’s no surprise that the larger the API ecosystem, the more difficult it becomes to manage. As digital services gain popularity and streamline everyday business operations, security teams face a growing workload to oversee each endpoint, manage access controls, and perform vulnerability scans. This operational complexity can lead to overlooked vulnerabilities and delayed responses, especially in multi-cloud environments where APIs interact across different services and platforms.
For example, in large enterprises with multiple business units, each unit will have its own API standards and practices. Security teams are often unable to effectively manage and monitor the entire ecosystem due to the sheer scale of the business, which can lead to many API security incidents that take weeks to fully investigate and resolve.
Action: Adopt centralized, scalable API management platforms that allow security teams to monitor all APIs from a single dashboard. Automated vulnerability scanning and real-time alerts reduce manual workload and improve the speed of response, while integrated security orchestration can streamline remediation processes. Give business units access to the platform so they can take responsibility for the security of the APIs they control.
5. API Lifecycle Management and the Ability to Address Shadow and Zombie APIs
With rapid development cycles, APIs are often created and deployed to meet immediate project needs, only to be forgotten once the project ends. These orphaned APIs, often referred to as shadow or zombie APIs, can remain active in production, creating ongoing security risks. Unmonitored and unmaintained, they become easy targets for attackers who scan for unprotected endpoints.
A notable example of a zombie API breach involved the United States Postal Service (USPS) in 2018, where an exposed API known as the "Informed Visibility" API allowed unauthorized access to sensitive customer data. This API, which provided near real-time tracking data to bulk mail senders and advertisers, lacked proper access control and anti-scraping protections. As a result, it exposed data for over 60 million USPS users, allowing attackers to query and retrieve personally identifiable information (PII) without restriction. The security gap was reported by a researcher rather than a malicious actor, allowing USPS to eventually patch the API after it was publicly disclosed.
Action: Integrate lifecycle management into API development processes, ensuring that each API is tracked from creation through deprecation. Automated decommissioning policies can remove APIs that are no longer in use, reducing the risk of zombie APIs. Additionally, automated discovery tools can continuously scan for shadow APIs, ensuring that undocumented endpoints are identified and either secured or removed.
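A minimal version of the discovery check that points 3 and 5 call for, as an added example that is not from the article or any vendor product: it compares normalized request paths seen in constructed gateway access-log lines against a constructed API inventory carrying lifecycle status, and reports undocumented endpoints that receive traffic (shadow), deprecated endpoints that still receive traffic (zombie), and documented endpoints with no traffic at all (decommissioning candidates). The inventory, log lines and log format are all assumptions made up for the example.

```python
import re
from collections import Counter

# Constructed API inventory: normalized path template -> lifecycle status.
INVENTORY = {
    "/v1/orders": "active",
    "/v1/orders/{id}": "active",
    "/v1/customers/{id}": "active",
    "/v1/invoices/{id}": "active",      # documented, but nobody calls it
    "/v0/tracking/{id}": "deprecated",  # should have been decommissioned
}

# Constructed gateway access-log lines: "<timestamp> <method> <path> <status>".
ACCESS_LOG = """\
2025-01-22T10:00:01Z GET /v1/orders 200
2025-01-22T10:00:02Z GET /v1/orders/8841 200
2025-01-22T10:00:03Z GET /v0/tracking/5512?fmt=json 200
2025-01-22T10:00:04Z GET /v0/tracking/5513 200
2025-01-22T10:00:05Z POST /internal/export/users 200
2025-01-22T10:00:06Z GET /v1/customers/17 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")


def normalize(path):
    """Strip the query string and collapse numeric segments to {id},
    so /v1/orders/8841 maps onto the inventory entry /v1/orders/{id}."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def classify(inventory, log_text):
    """Return shadow, zombie and idle endpoints plus per-endpoint hit counts."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:  # skip malformed lines instead of failing the whole run
            continue
        hits[normalize(m.group(3))] += 1
    shadow = sorted(p for p in hits if p not in inventory)
    zombie = sorted(p for p in hits if inventory.get(p) == "deprecated")
    idle = sorted(p for p, status in inventory.items()
                  if status == "active" and p not in hits)
    return {"shadow": shadow, "zombie": zombie, "idle": idle, "hits": dict(hits)}


if __name__ == "__main__":
    for kind, paths in classify(INVENTORY, ACCESS_LOG).items():
        print(kind, paths)
```

In a real deployment the inventory would come from the API catalog or OpenAPI specs and the log text from the gateway, with the same three buckets feeding the audit and decommissioning steps described above.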
Navigating the API Tsunami with Proactive Management
As more teams create and deploy APIs independently, the organization’s risk exposure grows, compounded by inconsistent security practices and regulatory compliance issues. Understanding and addressing the causes and consequences of API sprawl is essential to mitigating these risks.
Addressing API sprawl requires centralized management, consistent security practices, real-time monitoring, and effective lifecycle management. By proactively managing the “API tsunami,” organizations can reduce risk, ensure compliance, and improve operational efficiency.
Successful organizations will recognize that controlling API sprawl is not merely a security measure; it’s a strategic approach to sustaining digital transformation. With the right tools and practices, businesses can harness the benefits of APIs while safeguarding their environments against evolving security threats.
The post The Quiet Rise of the ‘API Tsunami’ appeared first on Security Boulevard.
UK Government Debuts AI Tools for Enhanced Public Services
The British government on Tuesday launched artificial intelligence-powered tools intended to help civil servants offer improved public service in a first step toward implementing a plan meant to transform the United Kingdom into a world AI leader.
EU Commission Calls for Health Sector Cyber 'Action Plan'
The European Commission has a new action plan to strengthen the cybersecurity of hospitals and other healthcare providers in the European Union against rising cyberthreats and attacks. The plan includes a cybersecurity support center to offer guidance and other resources to the EU's health sector.