Monthly API security breaches occurred in the organizations of 20% of developers and API professionals, even though 51% noted that over half of the development efforts of their organizations have been directed toward APIs, VentureBeat reports.
Elevated API security incidence noted in the Postman study should prompt organizations to bolster API identification and security efforts. Inadequately protected shadow or published APIs may be causing more frequent API security incidents among some companies, which may also have more legacy systems and a lacking understanding of the API landscape, according to Postman CEO Abhinav Asthana.
Asthana added that increasing mobile app prevalence has also emphasized the importance of increased API transparency and visibility.
"Many mobile apps have a number of backend APIs used to support it and they are often overlooked. Attackers have been abusing these backend mobile APIs for quite some time because they are often not secured and provide much more valuable content. You cant protect what you dont know about," said Asthana.
As companies migrate to the cloud, the industry needs a new way to manage data and network security, but security analysts warn that only the most well-heeled enterprises can afford the new zero-trust open approach Oracle touts.
Operators of the Bumblebee malware loader have launched a new campaign involving the exploitation of 4shared Web Distributed Authoring and Versioning services following a two-month hiatus, according to BleepingComputer.
Infrequently used Amazon Web Services products AWS Fargate, AWS Amplify, and Amazon SageMaker, have been targeted by the new Indonesian cloud-native cryptojacking operation AMBERSQUID for cryptomining activities, according to The Hacker News.