Cyber Review 2024 - Join Jeremy Snyder & Mikko Hypponen for a look at the key developments in cybersecurity this year.
Many security teams are still not aware of all the APIs in their landscape. Read the latest blog from FireTail to learn about the importance of API discovery and how you can discover all the APIs in your landscape today.
This blog post will answer questions such as: But where do APIs live? And how do they interact? What languages do they use?
Attackers used an attack method known as “crossbarking” via a malicious Chrome extension to inject custom code into the target’s Opera browser.
Microsoft SharePoint recently patched vulnerabilities that highlighted the need for highly privileged user access to happen via secure APIs.
The latest update to FireTail’s platform introduces enhanced logging capabilities for API Gateway V1, offering detailed insights into request and response data, including headers, bodies, and additional metrics.
Technology Partnership Enables Mutual Customers to Reduce Cloud Risk and Enhance API Security.
Granicus, a platform offering government solutions including an efiling platform called eUniversa, was recently discovered to be vulnerable to outside attack.
Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.
Ecovacs customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.
Researchers from Datadog recently discovered that hacker groups are targeting Docker Swarm, Kubernetes and SSH servers in one orchestrated attack using Docker API endpoint vulnerabilities.
Web application and service creation platforms rely on APIs for their functionality. However, one such platform, Versa Director, is vulnerable to API attacks and token theft.
Researchers found a new vulnerability that affects KIA systems and could allow anyone remote control over their vehicles using only a license plate.
APIs are used for everything, including dating apps. Feeld, a dating app targeted at multi-person relationships, recently faced an API vulnerability that exposed sensitive data, leaving users unsettled.
APIs can have many different types of security challenges, even those of tech giants such as Microsoft. In this blog, we’ll explore a recent vulnerability that affected Microsoft’s Azure API Management, and explore what that implies for the cloud shared responsibility model.
In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the MOVEit breaches of yesteryear.
We are thrilled to announce that FireTail has been selected to compete in TechCrunch Disrupt’s prestigious Startup Battlefield 2024! Being part of this prestigious event is an honor and testament to the hard work our team has put into building a cutting-edge API security platform.
APIs can run almost anywhere, including any type of compute platforms and network infrastructure services on AWS. In this blog, we’ll go over the different types of compute platforms, network infrastructure services, and how they relate to your APIs and API security.
There is also a massive lack of awareness around APIs and API endpoints. Many developers buy third-party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.
Cloudflare released its latest Application Security Report, which contained some startling news. They found that nearly 7% of all web traffic is malicious. But what does this really mean?
Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.
Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.
With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.
Some companies position privacy as a key value proposition of their products and services. But that may not always be as true as advertised.
A researcher at EvaSec recently discovered a vulnerability in the CocoaPods ecosystem that could potentially affect an undetermined (but huge) number of web users.
What happens when the system designed to authenticate you to your online accounts is vulnerable itself? Threat actors recently verified phone numbers for millions of Authy users via an unsecured API endpoint.
A new type of API attack has been discovered, and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.
Google probably didn’t want this to happen. The tech giant accidentally posted a whole host of sensitive internal documents to GitHub that partly detailed the way the search engine ranks web pages.
Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.
Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.
In this talk, Jeremy will cover key knowledge from the cybersecurity landscape for CISOs in 2024. Tune in to hear valuable insights and takeaways every CISO can apply in their own security posture today. API security is the cornerstone of strong cybersecurity for CISOs.
A lot of our API use happens at home, in places you might not even expect. What happens when these APIs are left vulnerable?
Many companies use Fluent Bit, or tools built on top of the underlying fluentd package, for tracking performance, observability and system events, and to create metrics and monitoring alerts. Recently, however, a new vulnerability has come to light on the platform.
In February of 2021, Postman launched a public API platform where developers could collaborate to build software. Now in 2024, Postman has the largest collection of public APIs. Naturally, this makes it a prime target for attackers.
The Cambridge Analytica Data Scandal led to the collapse of the company, court cases and massive fines for Meta. It highlighted the massive impact that technology was having on society, politics and democracy. Now, almost a decade later, we take a look at how a poorly configured API started it all.
FireTail CEO Jeremy Snyder sits down with Philip Rees, CTO at Tidal Cloud to discuss the reasons, roadblocks and rewards of cloud migration as well as how Tidal Cloud uses FireTail to protect its API inventory.
FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.
Apidays Paris 2023 was a wonderful event for cybersecurity professionals of all kinds and anyone interested in the power of APIs. Our co-founder and CEO Jeremy Snyder gave a talk that dove into the complex new challenges in API security, including how to bridge the gap between developers and security teams.
FireTail CEO Jeremy Snyder hosts an insightful discussion with a panel of cybersecurity experts. Mikko Hypponen, Sounil Yu and Ted Julian shared their thoughts on the emerging threats and cybersecurity trends likely to shape the next 12 months.
Various APIs belonging to a data service are leaking their Git repositories, which contain the APIs' source code, at a backend API.
Unauthorized users could gain access to sensitive financial information via an application's API using the data leaked via GitHub.
SecOps Vision for 2024, powered by Techstrong Learn, gave industry professionals the opportunity to connect and share security strategies. FireTail CEO, Jeremy Snyder, was pleased to provide the assembled audience with insights into the importance of API security at the intersection of cloud and application security.
FireTail researcher Viktor Markopoulos discovered a vulnerability in a European shipping company’s APIs that allowed him to download internal files without authentication.
We were delighted to have the opportunity to present at Apidays Hong Kong this year. The hybrid event was a wonderful way to connect with some of the brightest minds in API security from all across the region and our CEO, Jeremy Snyder, took to the stage to deliver a talk entitled ‘API Security: Analysis of Breaches, Attack Vectors and Strategies.’ Watch the full presentation now…
An unauthenticated API belonging to a fast food company exposed receipts from all of its stores in India.
APIs facilitate smooth data exchange and streamline the user experience. However, developers' growing reliance on APIs has caused a rise in API cyber threats. Threats to API security can cause devastating consequences, including sensitive data breaches.