Search results for API keys | Breaking Cybersecurity News | The Hacker News

As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise. AWS CloudTrail stands out as an essential tool for tracking and logging API activity, providing a comprehensive record of actions taken within an AWS account. Think of AWS CloudTrail like an audit or event log for all of the API calls made in your AWS account. For security professionals, monitoring these logs is critical, particularly when it comes to detecting potential unauthorized access, such as through stolen API keys. These techniques and many others I've learned through the incidents I've worked in AWS and that we built into SANS FOR509 , Enterprise Cloud Forensics.  1. Unusual API Calls and Access Patterns A. Sudden Spike in API Requests One of the first signs of a potential security breach is ...

With the growing reliance on web applications and digital platforms, the use of application programming interfaces (APIs) has become increasingly popular. If you aren't familiar with the term, APIs allow applications to communicate with each other and they play a vital role in modern software development. However, the rise of API use has also led to an increase in the number of API breaches. These breaches occur when unauthorized individuals or systems gain access to an API and the data it contains. And as victims can attest, breaches can have devastating consequences for both businesses and individuals. One of the primary concerns with API breaches is the exposure of sensitive data. APIs often contain or provide access to personal or financial information, and if this data falls into the wrong hands, it can be used for fraudulent activities or identity theft. API breaches can also lead to severe reputational damage for businesses. Customers and stakeholders expect their informatio...

Researchers have uncovered a list of 3,207 mobile apps that are exposing Twitter API keys in the clear, some of which can be utilized to gain unauthorized access to Twitter accounts associated with them. The takeover is made possible, thanks to a leak of legitimate Consumer Key and Consumer Secret information, respectively, Singapore-based cybersecurity firm CloudSEK said in a report exclusively shared with The Hacker News. "Out of 3,207, 230 apps are leaking all four authentication credentials and can be used to fully take over their Twitter Accounts and can perform any critical/sensitive actions," the researchers said.  This can range from reading direct messages to carrying out arbitrary actions such as retweeting, liking and deleting tweets, following any account, removing followers, accessing account settings, and even changing the account profile picture. Access to the Twitter API  requires  generating secret keys and access tokens, which act as the usernames...

Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's Digital Crimes Unit (DCU) said it has observed the threat actors "develop sophisticated software that exploited exposed customer credentials scraped from public websites," and "sought to identify and unlawfully access accounts with certain generative AI services and purposely alter the capabilities of those services." The adversaries then used these services, such as Azure OpenAI Service, and monetized the access by selling them to other malicious actors, providing them with detailed instructions as to how to use these custom tools to generate harmful content. Microsoft said it discovered the activity in July 2024. The Windows maker...

API attacks are on the rise. One of their major targets is eCommerce firms like yours.  APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world.  ECommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owing to their increased use, APIs are attractive targets for hackers, as the following numbers expose:  API attack traffic increased by  681% in 2021    77% of retail respondents experienced API security incidents in 2021– according to  Noname security If left unaddressed, API abuse can damage your reputation, harm consumers, and affect the bottom line. Hence  API security  is worthy of consideration for eCommerce stakeholders. Why do eCommerce companies need APIs? API makes it easy for retailers and eCommerce platforms to handle product listings and orders. It transformed the static website into a completely customizable headless store. Ret...

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform that allows users to develop, test, and monitor large language model (LLM) applications, including those built using LangChain. The service also offers what's called a LangChain Hub , which acts as a repository for all publicly listed prompts, agents, and models. "This newly identified vulnerability exploited unsuspecting users who adopt an agent containing a pre-configured malicious proxy server uploaded to 'Prompt Hub,'" researchers Sasi Levi and Gal Moyal said in a report shared with The Hacker News. "Once adopted, the malicious proxy discreetly intercepted all user communicatio...

While application development has evolved rapidly, the API management suites used to access these services remain a spooky reminder of a different era. Introducing new API management infrastructure with these legacy models still poses challenges for organizations as they modernize. Transitioning from monolithic architectures to agile microservices empowers developers to make quick changes. Using serverless technologies and containers enables rapid scalability. Adopting cloud-native API management further enhances developer productivity and leaves the ghosts of outdated operations behind. This blog uncovers the risks of neglecting API modernization and highlights how Gloo Gateway enhances upstream projects like Envoy with essential enterprise features like security, observability, and API controls. What's more, as a Kubernetes-native solution, Gloo Gateway seamlessly integrates with the Kubernetes API for easy deployment. Gloo Gateway adds enterprise capabilities to upstream open sou...

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security researchers describe as an "operational nightmare" of manual lifecycle management, rotation schedules, and constant credential leakage risks. This challenge has traditionally driven organizations toward centralized secret management solutions like HashiCorp Vault or CyberArk, which provide universal brokers for secrets across platforms. However, these approaches perpetuate the fundamental problem: the proliferation of static secrets requiring careful management and rotation. "Having a workload in Azure that needs to read data from AWS S3 is not ideal from a security perspective...

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is buzzing with the usual mix of cat memes and code snippets. Little do you know, buried in this digital chatter is a ticking time bomb – a plaintext credential that gives unfettered access to your company's crown jewels. Fast forward a few weeks, and you're in the middle of a CISO's worst nightmare. Terabytes of customer data, including millions of bank account details, have been exfiltrated. Your company is splashed across headlines, and new incidents are surfacing daily. The culprit? A secret inadvertently shared in a Jira comment. This isn't a far-fetched scenario. It happen...

Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response team, said . "By doing so, they expose browsing domains, machine IDs, operating system details, usage analytics, and even uninstall information, in plaintext." The fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle (AitM) attacks, allowing malicious actors on the same network such as a public Wi-Fi to intercept and, even worse, modify this data, which could lead to far more serious consequences. The list of identified extensions are below - SEMRush Rank (extension ID: idbhoeaiokcojcgappfigpifhpkjgmab) and P...

JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted some of its clients. As part of its damage control efforts, JumpCloud has reset the application programming interface (API) keys of all customers affected by this event, aiming to protect their valuable data. The company has informed the concerned clients about the critical nature of this move, reinforcing its commitment to safeguarding their operations and organizations. This API key reset will, however, disrupt certain functionalities like AD import, HRIS integrations, JumpCloud PowerShell modules, JumpCloud Slack apps, Directory Insights Serverless apps, ADMU, third-party zero-touch MDM packages, Command Triggers, Okta SCIM integration, Azure AD SCIM integration, Workato, Aquera, Tray, and more. Despite the potential disruptions, JumpCloud maintains that the key reset is for the greater good of its clients. For those needing assis...

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code. Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of usernames, passwords, repository authentication keys, Active Directory credentials, database credentials, FTP credentials, cloud environment keys, LDAP configuration information, helpdesk API keys, meeting room API keys, SSH session recordings, and all kinds of personal information. This includes five years of historical JSONFormatter content and one year of historical CodeBeautify content, totalling over 5GB worth of enriched, annotated JSON data. Organizations impacted by the leak span critical national infrastructure, government, finance, insurance, banking, technology, retail, aerospace, t...