API security
cloud security
API economy
Cyber landscape
Cybersecurity
June 13, 2024

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration

Recently we published our State of API security 2024 report, and in it, we highlighted a new API attack vector - APIs shipped with 3rd party COTS (commercial off-the-shelf) software.

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government. The German government had implemented Cisco’s Webex conference software and were using the on-premises version of Webex to store data so it would stay within Germany. 

But in early May of this year, outside researchers discovered an IDOR/BOLA vulnerability that could have been exploited to access information about the times and dates of calls, as well as official’s names and personal meeting rooms, et cetera. A few months prior, Russia had published one of their meeting recordings held on the Webex platform, however, it has not been confirmed whether the incidents were connected.

The German government has since blocked access and stopped using Webex, but the incident has left many customers questioning the platform. As for Cisco’s Webex, they have responded with a security advisory in which they state that they are continuing to investigate vulnerabilities to strengthen their cybersecurity and avoid future vulnerabilities.

However, this incident serves to highlight how APIs present direct data access across modern software platforms. 

When customers install third-party software nowadays, they often overlook the fact that this software is shipped with APIs, whether the customer knows it or not. For the German government, this meant that even their on-premises recordings  sat behind APIs with vulnerabilities they were unprepared for. Customers are usually blind to these risks and don’t test or monitor these 3rd-party-provided APIs.

No one is exempt from cybersecurity risks and incidents. In an increasingly risk-filled landscape, API security is more important than ever.

Want to learn more about API security, or see how you can strengthen your API security posture? Schedule a free, 30-minute demo with FireTail today.

Lina Romero

Related posts

Star Health Data Leak: The Call is Coming from Inside the House
October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.

Read more
Ecovacs Hurl Obscenities at Unsuspecting Users
October 15, 2024

Ecovacs Hurl Obscenities at Unsuspecting Users

Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.

Read more
Hackers Exploiting Docker Swarm, Kubernetes, & SSH Servers
October 9, 2024

Hackers Exploiting Docker Swarm, Kubernetes, & SSH Servers

Researchers from DataDog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.

Read more

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!