breach analysis

Recent MOVEit Exploits: SQL Injection to Web Shell to Data Exfiltration

In the last few weeks, the security community has been shaken by a series of exploits targeting MOVEit, a popular file transfer software. These incidents have exposed critical vulnerabilities, allowing threat actors to compromise sensitive data and exploit organizations ranging from the BBC to several arms of the US Government.

Key Takeaways from the 2023 Verizon Data Breach Investigations Report

Explore the major findings from the 2023 Verizon Data Breach Investigations Report in our latest blog post. We delve into the rise of social engineering attacks, the human element in breaches, the most affected sectors, and the significance of web application attacks in today’s cybersecurity landscape.

The Telecom Industry: Why APIs Are Becoming their Worst Nightmare

In the last six months, the Telecom industry has been hit by some massive, high-profile data breaches -- all of which happened by exploiting unprotected APIs. Gartner predicted that by 2022 APIs would...

T-Mobile’s API Data Breach: The API Security Reckoning is Here

We are roughly three weeks into 2023, and here we are, contending with the second major API data breach of the year. If this is any indication of how this year will progress, we have some hard questions to...

How API Abuse Became the Top Vector for Data Breaches

Introduction - What is API Abuse? API Abuse has recently become an important topic among security professionals, and for good reason. In the past two years, we’ve seen large-scale data breaches happen as a result of APIs being abused and misused in some way. API Abuse...

2023 Cybersecurity Predictions: API Security Q&A w/ Richard Bird

2023 Cybersecurity Predictions: Insights on the Future of API Security from Traceable CSO, Richard Bird. It's that time again! It's time for experts around the globe to address the year we are leaving behind, assessing our successes and failures as an industry, and thinking...

The Business Case for API Security: Why API Security? Why Now?

We are just about to finish yet another year -- 2022. And in terms of cybersecurity and, specifically, API security, the past 12 months have been quite a challenge for many industries. As with any emerging...

The Perils of Overestimating the Security of Your APIs

In 2019, I hacked 30 bank mobile apps and APIs in coordination with domestic and international financial services and FinTech companies. In 2020-2021, I hacked 30 mobile health (mHealth) apps and FHIR APIs in coordination with healthcare providers, giving me access to thousands of patient records via their APIs due to broken authentication and authorization vulnerabilities. This year, in coordination with federal and state law enforcement agencies, I was able to take remote control of law enforcement vehicles through the automaker’s APIs.