#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

AppTrana | Breaking Cybersecurity News | The Hacker News

Why is Robust API Security Crucial in eCommerce?

Why is Robust API Security Crucial in eCommerce?
Dec 09, 2022 API Security / Web Application Firewall
API attacks are on the rise. One of their major targets is eCommerce firms like yours.  APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world.  ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers expose:  API attack traffic increased by  681% in 2021    77% of retail respondents experienced API security incidents in 2021– according to  Noname security If left unaddressed, API abuse can damage your reputation, harm consumers, and affect the bottom line. Hence  API security  is worthy of consideration for eCommerce stakeholders. Why do eCommerce companies need APIs? API makes it easy for retailers and eCommerce platforms to handle product listings and orders. It transformed the static website into a completely customizable headless store. Retailers use APIs for various functions, inclu

6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged

6 Top API Security Risks! Favored Targets for Attackers If Left Unmanaged
Sep 09, 2022
Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an API data breach on the Hostinger account exposed 14M customer records.  If a hacker gets into your API endpoints, it could spell disaster for your project. Depending on the industries and geographies you're talking about, insecure APIs could get you into hot water. Especially in the EU, if you're serving the banking, you could face massive legal and compliance problems if you're discovered to be using insecure APIs.  To mitigate these risks, you need to be aware of the potential  API vulnerabilities  that cybercriminals can exploit.   6 Commonly Overlooked API Security Risks #1 No API Visibili
Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Apr 10, 2024Webinar / Identity Security
We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers exploit these weaknesses to steal login information, gain sneaky access, and move around your systems unnoticed, whether they're in the cloud or on-site. This upcoming webinar,  " Today's Top 4 Identity Security Threat Exposures: Are You Vulnerable? "  isn't just for tech experts—it's about protecting your business.  We'll use real-world examples and insights from Silverfort's latest report to show you the hidden dangers of ITEs. You'll learn about: The Top 4 Identity Threats You Might Be Overlooking:  We'll name them and explain why they're

The Business of Hackers-for-Hire Threat Actors

The Business of Hackers-for-Hire Threat Actors
Aug 10, 2022
Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new era where people don't steal just for the thrill of doing it anymore. They make it their business to carry out illegal cyber activities in small groups or individually to earn business from online criminals, selling offensive services like spyware as a service or commercial cybersecurity. For instance, a series of new DDoS for Hire are commoditizing the art of hacking and reducing the barrier to launching  DDoS attacks . Who are Hackers-for-Hire?  Hackers-for-hire are secret cyber experts or groups who specialize in infiltrating organizations to acquire intelligence in one way

UPCOMING WEBINAR: Implementing What's New in NIST CSF 2.0

cyber security
websiteArmorPointCybersecurity / Webinar
Learn three practical steps to implement the latest version of the NIST CSF on 4/15 at 3pm ET. Register Today!

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques

How AppTrana Managed Cloud WAF Tackles Evolving Attacking Techniques
Aug 17, 2020
Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern matching, typically using Regular Expressions, and classifying malicious traffic to block cyber attacks. Evading pattern matching However, unfortunately, this technique is no silver bullet against determined attackers. Once it's known that there is a protection layer enabled, malicious actors find ways to bypass it, and most of the time, they even succeed. It usually can be achieved when the same attacking payload, blocked by WAF , can be disguised to make it 'invisible' to the pattern matching mechanism to evade security. Context-Specific Obfuscation The web uses many technologies, and they all have different rules for what comprises valid syntax in their grammar

Why Application Security Should Be Considered An Enabler For Business

Why Application Security Should Be Considered An Enabler For Business
Jul 16, 2020
If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler. In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver seat, security stalls the progress by saying NO to many things on the highway. — Is what he says. At that point, my friend Daniel got involved and argued that application security is no longer optional to our business as we rely on apps for our day-to-day activities. And, he added a powerful quote: "Because we've brakes in our cars, we can drive fast" - Robert Garigue Businesses will less likely advance if they don't have security (brakes) to do safely. The car's speed obtains improvement with brakes – the improvements to business are the improvement to th

Why Businesses Should Consider Managed Cloud-Based WAF Protection

Why Businesses Should Consider Managed Cloud-Based WAF Protection
Feb 28, 2020
The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that cyber-attacks are not only costly in terms of time and money but also bring extensive legal liability with them. According to Juniper Research 's prediction, the cost of a data breach could cross $150 million by 2020. With the rising cost of data breaches and cyber-attacks, cybersecurity has become a board room conversation on an unprecedented scale. In this ever-connected online world, web application security is the cornerstone of the overall cybersecurity of any company. When it comes to application security, web application firewall (WAF) based protection has been the first line of defense against web attacks for a while now. A web application firewall is deployed in fron

A Comprehensive Guide On How to Protect Your Websites From Hackers

A Comprehensive Guide On How to Protect Your Websites From Hackers
Oct 17, 2019
Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET (Advanced Research Projects Agency Network) funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW (world wide web) came into existence, it was meant to share information over the Internet, from there part through natural evolution and part through webonomics driving innovations, Internet & www has metamorphosized into the lifeblood of the world. It is hard to imagine now how the world functioned before the time of the Internet. It has touched each aspect of human life and is now critical for day to day existence. No business today can exist without an online presence. It is no more just a medium to share information, but world economics runs over the web nowadays. Organizations, governments, and people all depend on this. New warfares will not happen in the real world but would be fought over the cyber

Let Experts Do Their Job – Managed WAF by Indusface

Let Experts Do Their Job – Managed WAF by Indusface
Aug 13, 2019
WAF (Web Application Firewall) has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF in thwarting attacks, it has not lived up to the expectations. In most organizations, WAF has always remained in log mode with a little process to monitor and react, rendering the solution ineffective. The major challenge with effective deployment of WAF is: Applications are unique, and there is no silver bullet set of rules that will protect them all, Most WAF's do not try to understand the risk profile of the application; they end up providing common out of box vanilla rules that seldom works. Each application has its own intricacies and the out of the box rules that many WAF vendors provide create a lot of FPs (False Positives) or FNs (False Negatives), For proper implement
Cybersecurity Resources