This week Confidence Staveley joined RSAC as a guest speaker for a webcast on API governance. She delivered the session live from her API Kitchen. But Confidence wasn’t the only one talking about security issues in cloud-native architectures.
API Threats and Vulnerabilities
Wallarm, an API security company, published a 2023 API ThreatStats report highlighting the top API security threats impacting organizations. And, according to CIO News, wide adoption of cloud computing has driven the growth of the cloud API market, but, “cloud API security issues hamper growth to a certain extent.” The sentiment was echoed in blog post penned by Impart Security, in which the author wrote about API security that, “Teams know they need a solution, [and security] teams are starting to realize that the solutions that they’ve implemented over the past few years aren’t solving their problems.”
The threat actors dubbed Kinsing made headlines this week when researchers discovered they were exploiting the Looney Tunables vulnerability. According to an Aqua Security blog, “The Kinsing threat actor represents a significant threat to cloud-native environments, particularly Kubernetes clusters, docker API, Redis servers, Jenkins servers and others.”
To learn more about API security, explore the variety of content available in our Library or visit RSAC Marketplace. Here you’ll find a vast array of cybersecurity vendors and service providers who can assist with your specific needs.
Cybersecurity Headlines of the Week
Nov. 10: Multiple news outlets reported, that ICBC, the world’s largest bank, experienced a cyberattack on its financial systems.
Nov. 9: According to Retail Touch Points, SEC regulations, the geopolitical unrest across the globe, and AI technologies are expected to heighten cybersecurity pressures for retailers this holiday season.
Nov. 9: “OpenAI has suggested that the significant outages on November 8, experienced by users across ChatGPT and the application programming interface, were caused by a suspected Distributed Denial of Service attack,” Forbes reported.
Nov. 9: A new report published by Mandiant (now part of Google Cloud) revealed that Sandworm, the Russian-backed hacking group, shut off electrical power in Ukraine back in October 2022.
Nov. 8: Developer tools have been targeted with a highly invasive malware while posing as a “legitimate obfuscation tool.”
Nov. 8: According to The Hacker News, “Meta-owned WhatsApp is officially rolling out a new privacy feature in its messaging service called "Protect IP Address in Calls" that masks users' IP addresses to other parties by relaying the calls through its servers.”
Nov. 7: Security Week reported, “Foreign threat actors can easily obtain sensitive information on US military members from data brokers, according to a new Duke University study whose results were published on Monday.”
Nov. 7: The Cybersecurity and Infrastructure Security Agency (CISA) joined the Federal Emergency Management Agency (FEMA) to publish a planning guide for cyber incidents for state, local, tribal, and territorial government agencies.
Nov. 7: Though the newly appointed Speaker of the House, Mike Johnson, has repeatedly expressed his support for Covenant Eyes, a porn-monitoring software, the Cybersecurity 202 reported, “experts say the software can be used coercively, raises potential privacy issues, and may not achieve what it purports to achieve.”
Nov. 6: Elon Musk’s AI startup, xAI, has developed a ChatGPT chatbot rival, named Grok, which allegedly has a passion for sarcasm.
Nov. 6: Reuters reported, "Electronics makers Siemens, Ericsson, and Schneider Electric, along with industry group DigitalEurope warned on Monday that onerous proposed EU rules targeting cybersecurity risks of smart devices could disrupt supply chains on a scale similar to during the pandemic.”
Nov. 6: FedScoop announced the 2023 FedScoop 50 award winners, honoring, “the brilliant leaders, innovative decision-makers and tireless workers making the federal government more efficient and effective through the use of technology.”