Starbucks Internal API Proxy Bypass Exploit
Starbucks Internal API Proxy Bypass Exploit What is it? Find out how to detect and protect against future exploits like it.
api-breach
How a Trusted Client Hides API Vulnerability?
How a Trusted Client Hides API Vulnerability? A Case for Service Side Monitoring/Testing A critical vulnerability in Apple “Sign Me In” feature was reported last week (Reference) that would allow a bad actor to first login through the Apple Client using their own credentials, then abuse the same login session to request a JSON Web …
Data Leaks When API Services Miscommunicate
Data Leaks When API Services Miscommunicate How Monitoring All Call Traces Can Detect and Prevent Data Exfiltration Findadoctor.com Data Leakage It was reported that information about 1.4 million US doctors was leaked (https://apisecurity.io/issue-79-1-4-million-doctor-records-scraped-using-api/) when bad actors appear to have taken advantage of a GitLab file upload vulnerability (https://about.gitlab.com/blog/2020/03/30/how-to-exploit-parser-differentials/). The technical details of the vulnerability are …
Digging Deep to Defend Against Docker API Abuse
Digging Deep to Defend Against Docker API Abuse Another day, another API breach adds to the growing chorus against API vulnerabilities. The attack we speak about this time is targeting publicly exposed Docker APIs, leveraging the victim infrastructure for illegitimate cryptocurrency mining. Way to ruin Thanksgiving for Docker Admins, I say! In this blog, we …
Time to Think Beyond Access: 3 Lessons from Capital One Data Breach
Time to Think Beyond Access: 3 Lessons from Capital One Data Breach On July 19, 2019, Capital One determined that an outside individual gained unauthorized access and obtained certain types of personal information about Capital One credit card customers. That week the internet was abuzz with the information related to Capital One Data Breach. Around …
Time to Think Beyond Access: 3 Lessons from Capital One Data Breach Read More »
What Went Down At USPS Data Breach? Only CloudVector Could Have Prevented
What Went Down At USPS Data Breach? Only CloudVector Could Have Prevented A Data Exposure flaw at the United States Postal Service (USPS) website was disclosed last week by Brain Krebs from KrebsonSecurity. The flaw was identified in the APIs exposed by a web component on the USPS website and potentially exposed data from 60 Million users. …
What Went Down At USPS Data Breach? Only CloudVector Could Have Prevented Read More »
A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security
A Case For Securing API Actions. What Words Of Wisdom Two Thousand Years Ago Can Teach Us About APP Security Confucius taught us more than 2000 years ago: “Listen to his claims, but watch his actions.” Things are not what they claim to be. Such words of wisdom speak volume in light of the most …
Toppling The App Jenga Tower – Pulling The API Parameter Piece
Toppling The App Jenga Tower – Pulling The API Parameter Pieceext Here All of us have seen Jenga, Topple the Tower game. Today’s enterprise applications very much resemble the tower with a myriad of services and their instances each glued together by APIs much like the wooden blocks. Un-aware to the enterprise is the fact that …
Toppling The App Jenga Tower – Pulling The API Parameter Piece Read More »
