CEO Amiram Shachar noted that these tools help identify anomalies in API traffic and build baselines that allow organizations to customize security policies.
Nearly 50 online merchants have already been compromised in intrusions exploiting Stripe's legacy application programming interface "api.stripe[.]com/v1/sources" for payment data validation part of an advanced web skimmer campaign that has been underway since August, according to The Hacker News.
TechCrunch reports that APIsec, an API security testing company, had its customers' data and other sensitive information dating back to 2018 inadvertently exposed by a misconfigured internal database, which was immediately secured upon the identification of UpGuard researchers earlier last month.
We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding!
Segment Resources:
Tanya's latest book on Amazon
Tanya's previous book, Alice and Bob Learn Application Security on Amazon
Tanya's website, She Hacks Purple
Investigation into the incident, which was initially detected on Dec. 2, revealed that threat actors leveraged a Remote Support SaaS API key to conduct local app account password resets.
