AppTrana | Breaking Cybersecurity News | The Hacker News

API attacks are on the rise. One of their major targets is eCommerce firms like yours.  APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world.  ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers expose:  API attack traffic increased by  681% in 2021    77% of retail respondents experienced API security incidents in 2021– according to  Noname security If left unaddressed, API abuse can damage your reputation, harm consumers, and affect the bottom line. Hence  API security  is worthy of consideration for eCommerce stakeholders. Why do eCommerce companies need APIs? API makes it easy for retailers and eCommerce platforms to handle product listings and orders. It transformed the static website into a completely customizable headless store. Retailers use APIs for various functions, inclu

Security threats are always a concern when it comes to APIs. API security can be compared to driving a car. You must be cautious and review everything closely before releasing it into the world. By failing to do so, you're putting yourself and others at risk. API attacks are more dangerous than other breaches. Facebook had a 50M user account affected by an API breach, and an API data breach on the Hostinger account exposed 14M customer records.  If a hacker gets into your API endpoints, it could spell disaster for your project. Depending on the industries and geographies you're talking about, insecure APIs could get you into hot water. Especially in the EU, if you're serving the banking, you could face massive legal and compliance problems if you're discovered to be using insecure APIs.  To mitigate these risks, you need to be aware of the potential  API vulnerabilities  that cybercriminals can exploit.   6 Commonly Overlooked API Security Risks #1 No API Visibili

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Today's web has made hackers' tasks remarkably easy. For the most part, hackers don't even have to hide in the dark recesses of the web to take advantage of people any longer; they can be found right in plain sight on social media sites or forums, professionally advertised with their websites, and may even approach you anonymously through such channels as Twitter. Cybercrime has entered a new era where people don't steal just for the thrill of doing it anymore. They make it their business to carry out illegal cyber activities in small groups or individually to earn business from online criminals, selling offensive services like spyware as a service or commercial cybersecurity. For instance, a series of new DDoS for Hire are commoditizing the art of hacking and reducing the barrier to launching  DDoS attacks . Who are Hackers-for-Hire?  Hackers-for-hire are secret cyber experts or groups who specialize in infiltrating organizations to acquire intelligence in one way

Web applications suffer continuously evolving attacks, where a web application firewall (WAF) is the first line of defense and a necessary part of organizations' cybersecurity strategies. WAFs are getting more sophisticated all the time, but as its core protection starts with efficient pattern matching, typically using Regular Expressions, and classifying malicious traffic to block cyber attacks. Evading pattern matching However, unfortunately, this technique is no silver bullet against determined attackers. Once it's known that there is a protection layer enabled, malicious actors find ways to bypass it, and most of the time, they even succeed. It usually can be achieved when the same attacking payload, blocked by WAF , can be disguised to make it 'invisible' to the pattern matching mechanism to evade security. Context-Specific Obfuscation The web uses many technologies, and they all have different rules for what comprises valid syntax in their grammar

If you ask Alex, he won't admit being old-fashioned. He has been working in the IT industry for a while now and accepts that security is important for the business's health. But reluctant to take security as the business enabler. In today's environment, moving to digitization is a critical step required to drive innovation and business growth. When the application development takes the driver seat, security stalls the progress by saying NO to many things on the highway. — Is what he says. At that point, my friend Daniel got involved and argued that application security is no longer optional to our business as we rely on apps for our day-to-day activities. And, he added a powerful quote: "Because we've brakes in our cars, we can drive fast" - Robert Garigue Businesses will less likely advance if they don't have security (brakes) to do safely. The car's speed obtains improvement with brakes – the improvements to business are the improvement to th

The City of Baltimore was under cyber-attack last year, with hackers demanding $76,000 in ransom. Though the city chose not to pay the ransom, the attack still cost them nearly $18 million in damages, and then the city signed up for a $20 million cyber insurance policy. It's very evident that cyber-attacks are not only costly in terms of time and money but also bring extensive legal liability with them. According to Juniper Research 's prediction, the cost of a data breach could cross $150 million by 2020. With the rising cost of data breaches and cyber-attacks, cybersecurity has become a board room conversation on an unprecedented scale. In this ever-connected online world, web application security is the cornerstone of the overall cybersecurity of any company. When it comes to application security, web application firewall (WAF) based protection has been the first line of defense against web attacks for a while now. A web application firewall is deployed in fron

Humankind had come a long way from the time when the Internet became mainstream. What started as a research project ARPANET (Advanced Research Projects Agency Network) funded by DARPA has grown exponentially and has single-handedly revolutionized human behavior. When WWW (world wide web) came into existence, it was meant to share information over the Internet, from there part through natural evolution and part through webonomics driving innovations, Internet & www has metamorphosized into the lifeblood of the world. It is hard to imagine now how the world functioned before the time of the Internet. It has touched each aspect of human life and is now critical for day to day existence. No business today can exist without an online presence. It is no more just a medium to share information, but world economics runs over the web nowadays. Organizations, governments, and people all depend on this. New warfares will not happen in the real world but would be fought over the cyber

WAF (Web Application Firewall) has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF in thwarting attacks, it has not lived up to the expectations. In most organizations, WAF has always remained in log mode with a little process to monitor and react, rendering the solution ineffective. The major challenge with effective deployment of WAF is: Applications are unique, and there is no silver bullet set of rules that will protect them all, Most WAF's do not try to understand the risk profile of the application; they end up providing common out of box vanilla rules that seldom works. Each application has its own intricacies and the out of the box rules that many WAF vendors provide create a lot of FPs (False Positives) or FNs (False Negatives), For proper implement