Tag Archive for: attracts

The growth of APIs attracts Cybercrime: How to prepare against cyber attacks

/in


Application Programming Interfaces (APIs) have profoundly transformed the internet’s fabric. In the pre-API era, digital interactions were limited by siloed systems functioning in isolation. APIs dismantled these barriers by introducing a universal language that diverse applications could comprehend. This linguistic bridge facilitated an unprecedented level of interconnectivity between software entities.

APIs are the conduits through which software components communicate, interact, and share functionalities; this has led to an environment where applications, platforms, and services seamlessly collaborate, transcending their capabilities. The internet, once a collection of discrete entities, has morphed into an intricate web of interwoven functionalities that users traverse effortlessly.

Moreover, APIs have been instrumental in democratizing technological innovation. By allowing developers to harness existing functionalities, APIs accelerate the creation of novel solutions, propelling the evolution of applications across domains like e-commerce, mobile apps, cloud computing, and beyond.

The concept of modularity has been reshaped by APIs, giving rise to microservices architecture. This approach, underpinned by APIs, enables applications to be composed of smaller, specialized services that communicate harmoniously. Consequently, scalability, maintenance, and flexibility are greatly enhanced.

In essence, APIs have unfurled a landscape where digital interactions are fluid, innovation is rapid, and the internet’s potential is boundless. The transformation they’ve ushered in has redefined how we envision, construct, and experience the digital realm.

As API adoption increases, so too have the attacks launched upon them. Unique attackers have grown by 400% within a six-month period. And API attacks can be highly damaging; an attack on the Australian telecoms giant Optus exposed the information of more than a third of Australia’s total population. This article will explore the evolving landscape of API-based cyber threats and outline practical strategies to bolster your defenses.

API-Related Cyber Threats

  • Injection Attacks: Like traditional software applications, APIs are…

Source…

EU’s eIDAS Proposal Attracts Growing Criticism

/in


BRUSSELS, July 13, 2022 /PRNewswire/ — There is a serious threat to existing internet security measures stemming from the European Commission’s proposed revision to the eIDAS regulation. If implemented, experts say it could open individuals browsing online to additional security risks and set a precedent to allow state-sponsored internet surveillance. As currently drafted, article 45.2 could undermine the EU’s own ambitions to be the frontrunner of a more secure, responsible and competitive internet that protects people from illegal activity.

Under the revised article 45.2 of the eIDAS regulation, browsers would be mandated to accept the EU-designed Qualified Web Authentication Certificates (QWACs) even though they have weaker security properties than those most browsers currently allow. Moreover, browsers would be prevented from applying any of the existing security due diligence checks to the entities which issue these certificates, thereby bypassing the critical first line of defense against cybercrime.

Article 45.2 is attracting growing attention from parliamentarians and cybersecurity experts alike. In her draft report, MEP Romana Jerković, the file’s rapporteur, deleted it in order to have more time to figure out an approach that doesn’t compromise security. Meanwhile, in a letter sent to MEPs and EU countries, academics said that mandating the use of QWACs could introduce “significant weaknesses into the global multi-stakeholder ecosystem for securing web browsing.” They added that the move could make it “more difficult to protect individuals from cybercriminals.”

Attempts have been made in the past to forcefully bypass browser security checks for rights-interfering ends, most notably in Kazakhstan in 2020 and Mauritius in 2021. In both cases, the governments aimed to use so called “man-in-the-middle” attacks to carry out state-sponsored surveillance of internet traffic.

Marshall Erwin, Chief Security Officer at Mozilla, said: “While this is not the intent of the EU, the inclusion of article 45.2 in eIDAS will make it more difficult to push back on these surveillance attempts in future. The EU sets many global standards and we’re concerned that if this is copied…

Source…

Amid growing sales, Android attracts more malware – CNN Money

/in

(gigaom.com) — 2011 is shaping up to be banner year for malware, which is at an all-time high for attacks and is … a significant threat for computer users. Even Apple’s Mac OS X platform was found to have fake anti-virus software for the first time …
Read more

Computer security attracts venture capitalists – Reuters UK

/in

SAN FRANCISCO (Reuters) – Silicon Valley venture capitalists are betting big on new technologies to protect computer networks, hoping they will profit from a spate of high-profile cyber attacks on corporate and government bodies. Many security start-ups …
Read more