cloud security

November 20, 2024

API Security: The Overlooked Threat Now Overshadowing Cloud Misconfigurations

The latest blog from the C-suite at FireTail attempts to answer the essential question: “Which is a bigger threat today - cloud misconfigurations or API vulnerabilities?”



November 12, 2024

Better Off Apart

In a world of cyber risks, authorization is one of the most critical steps in an API security strategy. However, when it comes to authorization, the C-suite of FireTail believes it is better kept apart.



October 16, 2024

Disclosure: Multiple Vulnerabilities in Granicus eFiling Platform

Granicus, a platform offering government solutions including an efiling platform called eUniversa, was recently discovered to be vulnerable to outside attack.



October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.



October 15, 2024

Ecovacs Hurl Obscenities at Unsuspecting Users

Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.



October 9, 2024

Hackers Exploiting Docker Swarm, Kubernetes, & SSH Servers

Researchers from DataDog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.



October 1, 2024

Versa is Vulnerable

Web application and service creation platforms rely on APIs for their functionality. However, one such platform, Versa Director, is vulnerable to API attacks and token theft.



October 1, 2024

New Vulnerability could allow for Remote Takeover of KIAs…

Researchers found a new vulnerability that affects KIA systems and could allow anyone remote control over their vehicles using only a license plate.



September 26, 2024

The Problem with APIs

APIs are everywhere and in every part of our lives. However, in recent years, attackers have been increasingly targeting APIs. So how do you secure an API, and whose responsibility is it?



September 20, 2024

Feeld Dating App API

APIs are used for everything, including dating apps. Feeld, a dating app targeted at multi-person relationships, recently faced an API vulnerability that exposed sensitive data, leaving users unsettled.



September 19, 2024

Escalating from Reader to Contributor in Azure API Management

APIs can have many different types of security challenges, even those of tech giants such as Microsoft. In this blog, we’ll explore a recent vulnerability that affected Microsoft’s Azure API Management, and explore what that implies for the cloud shared responsibility model



September 10, 2024

MoveIT Breaches have Lasting Impacts on Wisconsin Medicare

In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.



September 10, 2024

FireTail Selected for TechCrunch Disrupt’s Startup Battlefield 2024

We are thrilled to announce that FireTail has been selected to compete in TechCrunch Disrupt’s prestigious Startup Battlefield 2024! Being part of this prestigious event is an honor and testament to the hard work our team has put into building a cutting-edge API security platform.



August 28, 2024

The Challenges of API Logging

APIs can run almost anywhere, including any type of compute platforms and network infrastructure services on AWS. In this blog, we’ll go over the different types of compute platforms, network infrastructure services, and how they relate to your APIs and API security.



August 28, 2024

A View from The C-Suite: The New CIS API Security Guide

FireTail partnered with the Center for Internet Security (CIS) to create an API security community. The end result is the first draft of The CIS API Security Guide, reviewed by cybersecurity experts from around the world before its release. Read more here.



August 2, 2024

Selenium Grid Target of Malware Attack

There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.



July 29, 2024

APIs and The Phantom Attack Path

APIs are a shortcut to the data. They pass through quietly, creating a phantom attack path that flows through all the other layers of protection. And although cybersecurity has come a long way, there still aren’t controls to mitigate these risks.



July 26, 2024

Cloudflare’s Application Security Report

Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?



July 23, 2024

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.



July 19, 2024

Life 360 Phone Number Leak

Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.



July 19, 2024

Apache Hugegraph Under Attack

With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.



July 11, 2024

Apple Leaks Location Data

Some companies position privacy as a key value proposition of their products and services. But that may not always be as true as advertised.



July 10, 2024

Cuckoo for CocoaPods

A researcher at EvaSec recently discovered a vulnerability in the CocoaPods ecosystem that could potentially affect an undetermined (but huge) number of web users.



July 1, 2024

New Cryptomining Campaigns Use Exposed Docker APIs

A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.



June 28, 2024

FireTail Using FireTail- Eating Our Own Dog Food

When Jeremy and I founded FireTail in 2022, our mission was to improve API security for everyone. And that included ourselves.



June 17, 2024

Google's GitHub Goof

Google probably didn’t want this to happen. The tech giant accidentally posted a whole host of sensitive internal documents to GitHub that partly detailed the way the search engine ranks web pages.



June 13, 2024

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.



June 10, 2024

When the Internet Connects to You

Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.



June 7, 2024

What CISOs Need to Know About API Security in 2024

In this talk, Jeremy will cover key knowledge from the cybersecurity landscape for CISOs in 2024. Tune in to hear valuable insights and takeaways every CISO can apply in their own security posture today. API security is the cornerstone of strong cybersecurity for CISOs.



May 29, 2024

Home Access Control APIs Leave Users in Hot Water

A lot of our API use happens at home, in places you might not even expect. What happens when these APIs are left vulnerable?



May 23, 2024

Vulnerabilities found in Fluent Bit Logging Tool API

Many companies use Fluent Bit, or tools built on top of the underlying fluentd package, for tracking performance, observability and system events, and create metrics and monitoring alerts. However recently, a new vulnerability has come to light on the platform.



May 21, 2024

API Security By Design

API security by design is all about breaking down how security considerations can be brought into the various stages of an APIs lifecycle and simplifying the API security process from the developers’ standpoint.



May 20, 2024

Graph API Vulnerabilities on the Rise

Many application developers are still grappling with the integration challenge. Microsoft’s Graph API attempts to solve this problem, however, their solution comes with its own drawbacks.



April 11, 2024

Revisiting Cambridge Analytica in 2024

The Cambridge Analytica Data Scandal led to the collapse of the company, court cases and massive fines for Meta. It highlighted the massive impact that technology was having on society, politics and democracy. Now, almost a decade later, we take a look at how a poorly configured API started it all.



April 5, 2024

I was Wrong about Endpoint Security

Based on trends in changing compute architectures, it seemed logical that Endpoint Detection and Response companies would shrink their overall install base. Instead, EDR has evolved into Extended Detection and Response.



March 1, 2024

An Update on the Evolution of Cloud Security

FireTail CEO, Jeremy Snyder, explores the evolution of cloud security and where we are at in 2024. Examining breaches like CapitalOne and identifying where breaches occur based on his 4 quadrant model, Jeremy looks at Platformization and how the need for end-to-end API security is more pronounced than ever.



January 17, 2024

Disclosure: Work Application Vulnerability

FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.



December 18, 2023

Disclosure: Remote Data Service

Various APIs belonging to a data service are leaking their Git repositories, at a backend API which contain the APIs' source code.



November 16, 2023

Disclosure: Financial Application

Unauthorized users could gain access to sensitive financial information via an application's API using the data leaked via Github.



September 24, 2023

Disclosure: European Shipping Company

FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.



August 7, 2023

Disclosure: Fast Food Delivery Service

An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.

