API economy

October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.



October 15, 2024

Ecovacs Hurl Obscenities at Unsuspecting Users

Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.



September 10, 2024

MoveIT Breaches have Lasting Impacts on Wisconsin Medicare

In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.



August 2, 2024

Selenium Grid Target of Malware Attack

There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.



July 23, 2024

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.



July 19, 2024

Life 360 Phone Number Leak

Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.



July 19, 2024

Apache Hugegraph Under Attack

With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.



July 1, 2024

New Cryptomining Campaigns Use Exposed Docker APIs

A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.



June 13, 2024

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.



June 10, 2024

When the Internet Connects to You

Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.



May 20, 2024

The State of API Security 2024

We're excited to announce the release of our latest State of API Security 2024 report! With the rapid adoption of microservice-based architectures, cloud-native solutions, containerization, and AI, the API attack surface is expanding faster than ever.



April 23, 2024

APIs at the Edge of Modern Cloud Apps

The cloud might be a popular talking point, but the edge of the cloud – where APIs and distributed computing intersect – is the true unsung hero of modern cloud application development and deployment. Today, we’re going to look at APIs at the edge of modern cloud applications.



April 17, 2024

APIs and Competitive Advantage in the Travel Sector

In the travel sector, securing a competitive edge is vital. In a hyperconnected industry, where demand fluctuates, pricing is dynamic and customers have endless options, efficient and well-secured APIs can make a huge difference.



March 13, 2024

The Importance of APIs in FinTech Ecosystems

Fintech is a growing industry, and with this growth comes data. With data - and the sensitivity of the data in financial services in particular - comes the need to implement security solutions effectively at scale. Thankfully, fintech providers can turn to many readily available solutions to increase their security posture and deliver better, more secure products at scale.



February 27, 2024

Connecting the Dots: API Security for Building Modern Internet Services

The modern web is more connected than ever before. The move from monoliths to containerization and microservice-based architectures means API security is a must. In this blog, we look at what it takes to build secure modern internet services.



January 17, 2024

Disclosure: Work Application Vulnerability

FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.



November 13, 2023

API Gateways: Great for Management but Not for Security

Gateways are great, but not for security. API gateways are useful when it comes to API management but they were never designed with security in mind. They can't actively monitor API traffic, they don’t see inside payloads or detect real-time manipulation. They won’t stop most API attacks.



November 2, 2023

Unsecured APIs are now a Popular Delivery Mechanism in Ransomware Attacks

As they continue to rise in use, APIs are becoming a critical attack surface for ransomware groups.



September 27, 2023

FireTail Now Available on AWS Marketplace

The addition of FireTail marks a significant milestone in our mission to provide state-of-the-art API security solutions to organizations around the world. Now, AWS customers can unleash the power of FireTail quickly, easily and confident in the knowledge that the platform integrates perfectly with their cloud environment.



September 24, 2023

Disclosure: European Shipping Company

FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.



August 30, 2023

API Days Connect Hong Kong

We were delighted to have the opportunity to present at Apidays Hong Kong this year. The hybrid event was a wonderful way to connect with some of the brightest minds in API security from all across the region and our CEO, Jeremy Snyder, took to the stage to deliver a talk entitled ‘API Security: Analysis of Breaches, Attack Vectors and Strategies.’ Watch the full presentation now…

