Cyber landscape

All
Product
All
A View from the C-Suite
All
Fintech
All
cloud security
All
AI
All
Awards
All
API economy
All
podcast
All
WAF
All
Events
All
Cybersecurity
All
Cyber landscape
All
Company
All
API security
API Security: The Overlooked Threat Now Overshadowing Cloud Misconfigurations
November 20, 2024

API Security: The Overlooked Threat Now Overshadowing Cloud Misconfigurations

The latest blog from the C-suite at FireTail attempts to answer the essential question: “Which is a bigger threat today - cloud misconfigurations or API vulnerabilities?”

Read more
Crossbarking via Chrome Extension
November 14, 2024

Crossbarking via Chrome Extension

Attackers used an attack method known as “crossbarking” via a malicious Chrome extension to inject custom code into the target’s Opera browser.

Read more
Better Off Apart
November 12, 2024

Better Off Apart

In a world of cyber risks, authorization is one of the most critical steps in an API security strategy. However, when it comes to authorization, the C-suite of FireTail believes it is better kept apart.

Read more
Microsoft Sharepoint Vulnerability Disclosure
November 11, 2024

Microsoft Sharepoint Vulnerability Disclosure

Microsoft Sharepoint recently patched vulnerabilities that highlighted the need for highly privileged user access to happen via secure APIs.

Read more
FireTail Joins Wiz Integration (WIN) Platform
October 22, 2024

FireTail Joins Wiz Integration (WIN) Platform

Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Enhance API Security.

Read more
Star Health Data Leak: The Call is Coming from Inside the House
October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.

Read more
Ecovacs Hurl Obscenities at Unsuspecting Users
October 15, 2024

Ecovacs Hurl Obscenities at Unsuspecting Users

Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.

Read more
Hackers Exploiting Docker Swarm, Kubernetes, & SSH Servers
October 9, 2024

Hackers Exploiting Docker Swarm, Kubernetes, & SSH Servers

Researchers from DataDog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.

Read more
Versa is Vulnerable
October 1, 2024

Versa is Vulnerable

Web application and service creation platforms rely on APIs for their functionality. However, one such platform, Versa Director, is vulnerable to API attacks and token theft.

Read more
New Vulnerability could allow for Remote Takeover of KIAs…
October 1, 2024

New Vulnerability could allow for Remote Takeover of KIAs…

Researchers found a new vulnerability that affects KIA systems and could allow anyone remote control over their vehicles using only a license plate.

Read more
The Problem with APIs
September 26, 2024

The Problem with APIs

APIs are everywhere and in every part of our lives. However, in recent years, attackers have been increasingly targeting APIs. So how do you secure an API, and whose responsibility is it?

Read more
Feeld Dating App API
September 20, 2024

Feeld Dating App API

APIs are used for everything, including dating apps. Feeld, a dating app targeted at multi-person relationships, recently faced an API vulnerability that exposed sensitive data, leaving users unsettled.

Read more
Escalating from Reader to Contributor in Azure API Management
September 19, 2024

Escalating from Reader to Contributor in Azure API Management

APIs can have many different types of security challenges, even those of tech giants such as Microsoft. In this blog, we’ll explore a recent vulnerability that affected Microsoft’s Azure API Management, and explore what that implies for the cloud shared responsibility model

Read more
MoveIT Breaches have Lasting Impacts on Wisconsin Medicare
September 10, 2024

MoveIT Breaches have Lasting Impacts on Wisconsin Medicare

In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.

Read more
The Challenges of API Logging
August 28, 2024

The Challenges of API Logging

APIs can run almost anywhere, including any type of compute platforms and network infrastructure services on AWS. In this blog, we’ll go over the different types of compute platforms, network infrastructure services, and how they relate to your APIs and API security.

Read more
A View from The C-Suite: The New CIS API Security Guide
August 28, 2024

A View from The C-Suite: The New CIS API Security Guide

FireTail partnered with the Center for Internet Security (CIS) to create an API security community. The end result is the first draft of The CIS API Security Guide, reviewed by cybersecurity experts from around the world before its release. Read more here.

Read more
APIs and The Phantom Attack Path
July 29, 2024

APIs and The Phantom Attack Path

APIs are a shortcut to the data. They pass through quietly, creating a phantom attack path that flows through all the other layers of protection. And although cybersecurity has come a long way, there still aren’t controls to mitigate these risks.

Read more
Cloudflare’s Application Security Report
July 26, 2024

Cloudflare’s Application Security Report

Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?

Read more
Google Cloud Security Threat Horizons Report #10
July 23, 2024

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.

Read more
Life 360 Phone Number Leak
July 19, 2024

Life 360 Phone Number Leak

Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.

Read more
Apache Hugegraph Under Attack
July 19, 2024

Apache Hugegraph Under Attack

With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.

Read more
Apple Leaks Location Data
July 11, 2024

Apple Leaks Location Data

Some companies position privacy as a key value proposition of their products and services. But that may not always be as true as advertised.

Read more
Cuckoo for CocoaPods
July 10, 2024

Cuckoo for CocoaPods

A researcher at EvaSec recently discovered a vulnerability in the CocoaPods ecosystem that could potentially affect an undetermined (but huge) number of web users.

Read more
New Cryptomining Campaigns Use Exposed Docker APIs
July 1, 2024

New Cryptomining Campaigns Use Exposed Docker APIs

A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.

Read more
Google's GitHub Goof
June 17, 2024

Google's GitHub Goof

Google probably didn’t want this to happen. The tech giant accidentally posted a whole host of sensitive internal documents to GitHub that partly detailed the way the search engine ranks web pages.

Read more
Sensitive Meeting Data Left Vulnerable to Cyber Infiltration
June 13, 2024

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.

Read more
When the Internet Connects to You
June 10, 2024

When the Internet Connects to You

Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.

Read more
What CISOs Need to Know About API Security in 2024
June 7, 2024

What CISOs Need to Know About API Security in 2024

In this talk, Jeremy will cover key knowledge from the cybersecurity landscape for CISOs in 2024. Tune in to hear valuable insights and takeaways every CISO can apply in their own security posture today. API security is the cornerstone of strong cybersecurity for CISOs.

Read more
Home Access Control APIs Leave Users in Hot Water
May 29, 2024

Home Access Control APIs Leave Users in Hot Water

A lot of our API use happens at home, in places you might not even expect. What happens when these APIs are left vulnerable?

Read more
API Security By Design
May 21, 2024

API Security By Design

API security by design is all about breaking down how security considerations can be brought into the various stages of an APIs lifecycle and simplifying the API security process from the developers’ standpoint.

Read more
Graph API Vulnerabilities on the Rise
May 20, 2024

Graph API Vulnerabilities on the Rise

Many application developers are still grappling with the integration challenge. Microsoft’s Graph API attempts to solve this problem, however, their solution comes with its own drawbacks.

Read more
Postman Delivering Secrets
April 30, 2024

Postman Delivering Secrets

In February of 2021, Postman launched a public API platform where developers could collaborate to build software. Now in 2024, Postman has the largest collection of public APIs. Naturally, this makes it a prime target for attackers.

Read more
APIs and Competitive Advantage in the Travel Sector
April 17, 2024

APIs and Competitive Advantage in the Travel Sector

In the travel sector, securing a competitive edge is vital. In a hyperconnected industry, where demand fluctuates, pricing is dynamic and customers have endless options, efficient and well-secured APIs can make a huge difference.

Read more
Revisiting Cambridge Analytica in 2024
April 11, 2024

Revisiting Cambridge Analytica in 2024

The Cambridge Analytica Data Scandal led to the collapse of the company, court cases and massive fines for Meta. It highlighted the massive impact that technology was having on society, politics and democracy. Now, almost a decade later, we take a look at how a poorly configured API started it all.

Read more
API Security in an Era of Open Banking
February 29, 2024

API Security in an Era of Open Banking

Open Banking can best be thought of as a “microservices” approach to banking. It's a powerful concept that enables porting from service to service, and allows consumers to integrate this data with other providers. APIs are at the core and effective API security is a must.

Read more
They Fought the Law (And The Law Won) - API Security, Regulatory Compliance, And Avoiding Massive Fines
February 29, 2024

They Fought the Law (And The Law Won) - API Security, Regulatory Compliance, And Avoiding Massive Fines

The reality is that failing to invest in a proven API security posture might save you dollars in the short-term, but can cost millions in the long-term. We take a look at how increasing regulatory oversight is leading to massive fines.

Read more
Connecting the Dots: API Security for Building Modern Internet Services
February 27, 2024

Connecting the Dots: API Security for Building Modern Internet Services

The modern web is more connected than ever before. The move from monoliths to containerization and microservice-based architectures means API security is a must. In this blog, we look at what it takes to build secure modern internet services.

Read more
There's No AI Without APIs
February 19, 2024

There's No AI Without APIs

Everybody is talking about AI right now. It's the hottest topic in tech. But few people are talking about the APIs that underpin these AI platforms. Here we look at why effective API security is a must for any organization who wants to harness the power of AI.

Read more
Leaky Spoutible API Exposes User Data: What Went Wrong?
February 8, 2024

Leaky Spoutible API Exposes User Data: What Went Wrong?

At FireTail, we usually say that two or more things need to go wrong in order for attackers to be successful. So what went wrong with Spoutible's leaky API? Basically, everything.

Read more
API Security in Serverless Computing: Risks and Mitigations
January 18, 2024

API Security in Serverless Computing: Risks and Mitigations

Few technologies have become as ubiquitous in as short a timeframe as serverless computing. Serverless offers both benefits and downsides to API security. However, with proper knowledge of the best practices, we can reap these benefits while mitigating the threats.

Read more
Disclosure: Work Application Vulnerability
January 17, 2024

Disclosure: Work Application Vulnerability

FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.

Read more
The worst API ever?
December 22, 2023

The worst API ever?

As we approach the end of the year, it's often the case that we look back and chat with colleagues about the highs and lows of the last twelve months. One such friend recently shared a story with us about the worst API they found in the wild during 2023. Could this be the worst API ever?

Read more
Webinar: The Cyber Landscape Outlook 2024
December 19, 2023

Webinar: The Cyber Landscape Outlook 2024

FireTail CEO Jeremy Snyder hosts an insightful discussion with a panel of cybersecurity experts. Mikko Hypponen, Sounil Yu and Ted Julian shared their thoughts on the emerging threats and cybersecurity trends likely to shape the next 12 months.

Read more
Disclosure: Remote Data Service
December 18, 2023

Disclosure: Remote Data Service

Various APIs belonging to a data service are leaking their Git repositories, at a backend API which contain the APIs' source code.

Read more
FireTail Advisory Board Welcomes Mikko Hypponen and Sounil Yu
November 16, 2023

FireTail Advisory Board Welcomes Mikko Hypponen and Sounil Yu

We are delighted to welcome two outstanding individuals to our advisory board – Mikko Hypponen and Sounil Yu. These new additions bring unparalleled expertise and strategic insights that will drive continued innovation and address the evolving API security needs of today's leading organizations.

Read more
Getting Personal: CISOs in the Crosshairs as API Breaches Surge
November 16, 2023

Getting Personal: CISOs in the Crosshairs as API Breaches Surge

With an ever-changing threat landscape, increased regulatory oversight and a desire among authorities to hold individual executives accountable for data breaches, these are tough times for CISOs. And as APIs become the attack vector of choice for bad actors, it’s more important than ever to prioritize effective API security at your organization.

Read more
Disclosure: Financial Application
November 16, 2023

Disclosure: Financial Application

Unauthorized users could gain access to sensitive financial information via an application's API using the data leaked via Github.

Read more
Behavioral Analysis & API Security: After the Fact and Behind the Curve
November 13, 2023

Behavioral Analysis & API Security: After the Fact and Behind the Curve

API security solutions focused on ML/AI pattern recognition analyze behavior ‘out-of-band’ to identify anomalies, reporting issues after the fact. Prone to false positives, this approach also means attackers will have some success before you learn from it. That’s not acceptable.

Read more
OpenAI Updates Will Open API Floodgates
November 10, 2023

OpenAI Updates Will Open API Floodgates

Recently announced OpenAI changes mean users will be able to call any API. That’s great for business and the economy but a potential headache for security teams.

Read more
Unsecured APIs are now a Popular Delivery Mechanism in Ransomware Attacks
November 2, 2023

Unsecured APIs are now a Popular Delivery Mechanism in Ransomware Attacks

As they continue to rise in use, APIs are becoming a critical attack surface for ransomware groups.

Read more
Web Application Firewalls & API Security: Why WAFs Always Fall Short
October 4, 2023

Web Application Firewalls & API Security: Why WAFs Always Fall Short

While Web Application Firewalls, or WAFs, are often touted as a go-to solution for web app security, they frequently fall short – and in many cases, offer little more than an artificial sense of protection that is not backed by actual protection. But why isn’t a WAF good enough? Where do they fall short, and what is the better alternative? Let’s dive a bit deeper.

Read more
FireTail Joins European Cyber Security Organisation
October 2, 2023

FireTail Joins European Cyber Security Organisation

Since 2016, ECSO has been leading the way in European cybersecurity, building upon the foundation left behind by the Public-Private Partnership in Cybersecurity (cPPP). At FireTail, we are excited to be a part of this journey to bring even greater innovation to the European Cybersecurity landscape.

Read more
Disclosure: European Shipping Company
September 24, 2023

Disclosure: European Shipping Company

FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.

Read more
The Complex Connections between Generative AI and API Security
September 14, 2023

The Complex Connections between Generative AI and API Security

APIs and Artificial Intelligence are two of the most important developments in tech of the last 10 years. In this post, we look at the dual impacts that connect these two hot topics that make our online worlds work.

Read more
Unlimited airline miles courtesy of Points.com’s insecure APIs
September 6, 2023

Unlimited airline miles courtesy of Points.com’s insecure APIs

Poorly secured APIs at Points.com resulted in serious vulnerabilities that could have exposed the loyalty programs of some of the world’s best-known airlines and hospitality brands.

Read more
CYFIRMA & FireTail: Working Together for Complete Visibility and Robust API Security
September 1, 2023

CYFIRMA & FireTail: Working Together for Complete Visibility and Robust API Security

FireTail is proud to announce our partnership with CYFIRMA, a leading provider of external threat management solutions.

Read more
Moovit API Vulnerability - letting attackers move free of charge
September 1, 2023

Moovit API Vulnerability - letting attackers move free of charge

During Defcon, a security researcher presented his findings from assessing a global transportation system, leveraging APIs.

Read more
moveIT - a series of breaches, all enabled by APIs
August 25, 2023

moveIT - a series of breaches, all enabled by APIs

A file transfer software called moveIT experienced a vulnerability starting in mid-2023 that created a mass breach across many organizations and geographies. The breach is started by injection against an API administrative endpoint, and data is exfiltrated via administrative API calls.

Read more
Disclosure: Fast Food Delivery Service
August 7, 2023

Disclosure: Fast Food Delivery Service

An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.

Read more
FireTail at InfoSecurity Europe 2023 - APIs: The attack vector that connects us all...and where traditional security fails
June 27, 2023

FireTail at InfoSecurity Europe 2023 - APIs: The attack vector that connects us all...and where traditional security fails

FireTail founder Jeremy Snyder discussed API security, some traditional approaches to cybersecurity, and why the two just don't work together as well as you might think.

Read more
FireTail at API Days Helsinki 2023 - Learning from Outliers
June 12, 2023

FireTail at API Days Helsinki 2023 - Learning from Outliers

FireTail founder Jeremy Snyder discussed what we can learn about API security from Malcolm Gladwell's 'Outliers'

Read more
FireTail at API Days New York City 2023 - A decade of API breaches, courtesy of application logic flaws
May 24, 2023

FireTail at API Days New York City 2023 - A decade of API breaches, courtesy of application logic flaws

FireTail founder Jeremy Snyder discussed FireTail's research into API security incidents and data breaches at API Days New York City.

Read more
FireTail at UK Cyberweek 2023 - API security
April 11, 2023

FireTail at UK Cyberweek 2023 - API security

FireTail founder Jeremy Snyder discussed API security to a standing-room-only crowd at UK Cyberweek in London in April 2023.

Read more
FireTail at APISecure 2023 - Learning from a decade of API breaches
March 21, 2023

FireTail at APISecure 2023 - Learning from a decade of API breaches

FireTail founder Jeremy Snyder presented at APISecure 2023; Learning from a decade of API breaches and why application-centric security is the right path

Read more
FireTail’s 2022 Review on Macro, Industry, and Thoughts About What’s Next
January 11, 2023

FireTail’s 2022 Review on Macro, Industry, and Thoughts About What’s Next

FireTail founder and CEO shares some thoughts on 2022 and what's ahead for 2023.

Read more

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!