iNews Vol - 155
#CMOInsights
The hidden dangers of unsecured APIs
APIs constitute the essential connective tissue for the digital world we've built. They comprise over half (57%) of dynamic internet traffic, making them a prime target for cyberattacks.
The Indian Computer Emergency Response Team (CERT-In) found that an exponential growth in API calls has led to an aggressive increase in API abuse in India. Recent reports indicate that improperly secured APIs were to blame for 45% of cloud-based security incidents last year.
Why have APIs become such an attractive target?
In the last year, API security has encountered difficulties in 5 critical areas:
High-profile breaches at Dropbox, Zendesk, and X (formerly Twitter) have made the industry look deeper into APIs and develop a robust API security strategy.
For CISOs, this means implementing a comprehensive API security strategy. Ask yourself:
With APIs powering everything from mobile apps to cloud infrastructure, securing them must be a top priority. Even properly designed APIs can be vulnerable to sophisticated attacks. While hackers' favoured techniques are well-known, pinpointing their next strike is extremely difficult.
Apart from upskilling and having dedicated API security solutions, CISOs must look at fostering a culture of “security by design”. Such a culture requires top-down and bottom-up management approaches – making each individual responsible and accountable for cybersecurity.
You can read more about API Security in ALM from our latest blog: https://ivaluegroup.com/en-in/resources/blogs/the-importance-of-api-security-in-alm/
Here is the news for this week:
Here is how much Indians lost to cyber frauds between Jan and Apr of 2024
Between January and April 2024, Indian citizens suffered losses exceeding Rs 1,750 crore due to cybercriminal activities.
EU data protection board says ChatGPT still not meeting data accuracy standards
OpenAI's efforts to produce less factually false output from its ChatGPT chatbot are not enough to ensure full compliance with European Union data rules, a task force at the EU's privacy watchdog said.
Cybercrime surge in India: Over 7,000 daily complaints in 2024, key locations identified in Southeast Asia
India is grappling with a significant surge in cybercrime, registering an average of more than 7,000 complaints per day this year up to May.
CERT-In finds multiple vulnerabilities in Cisco products, advises users to update
The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has issued an advisory over two serious vulnerabilities in networking giant Cisco products that could allow attackers to elevate privileges to root on the underlying operating system.
Hackers phish finance orgs using trojanized Minesweeper clone
Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations.
Moroccan cybercrime group impersonates nonprofits and abuses cloud services to rake in gift card cash
Microsoft researchers say the group, tracked as Storm-0539 or Atlas Lion, targets employees with major U.S. retailers who control gift card operations.
MIT Brothers Charged With Exploiting Ethereum to Steal $25 Million
The two MIT graduates discovered a flaw in a common trading tool for the Ethereum blockchain. Does it presage problems ahead for cryptocurrency?
The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States.
The gang claims to have stolen 730GB of data from Atlas, including corporate data: accounts, HR, finance, executive and department data, and users' and employees’ data.