The Latest News On The API Economy
Searching: No Search Term, Filtered By Category: "Healthcare", Category: "Compliance", Category: "Security"
Just two months after Google announced its intention to retire the consumer version of Google+, the company has reported another vulnerability and expedited the shutdown. Instead of August of 2019, Google will retire the service in April 2019. Google+ APIs will be shut down in the next 90 days.
The US Department of Veterans Affairs has announced its first Health API. The Health API adds to VA's growing suite of APIs as the agency looks to become more technology driven and API-first. The Health API will help Veterans gain better access to and control over their private health data.
The CVE-2018-1002105 bug was recently reported for many versions of Kubernetes. The flaw allowed for both the swiping of sensitive information and the injection of malicious code. The fix requires an upgrade to the latest version. No malicious use of the hole has been reported to date.
Ten APIs have been added to the ProgrammableWeb directory in categories including Podcasts, Location, and Machine Learning. Featured today is the GitHub Security Advisory API, two APIs for Mapfit, and an API for obtaining FEMA flood zone data. Here's a rundown of the latest additions.
Attackers know that API calls originating from inside an app are a blueprint for the infrastructure inside your data center. Further, they can use those same API calls to hide their malicious purposes, like a Trojan horse ready to slip through the front door. Apps are the new emerging threat vector.
The United States Postal Service confirmed recently that they have patched an API issue which exposed the account details for up to 60 million users. Additionally, in some cases, the vulnerability could have allowed hackers to modify other users’ account details.
The Centers for Medicare and Medicaid Services was recently faced with the reality that their legacy system, one that processes 4% of the US GDP, needed to be modernized for a number of reasons. This is the story of what USDS is doing to address the situation and keep a mission critical system online.
Squarelink, an access tool for blockchain apps and services, has launched along with its public REST API. The API lets blockchain applications retrieve transactions, data, and user account information upon permission by the user. The startup also plans on releasing open source client SDKs soon.
Google has evolved its bot-detecting reCAPTCHA API again. reCAPTCHA v3 goes beyond distorted text and identifying signals. v3 monitors a site user's interaction with a site and provides a score to the site owner/developer. The developer can use the risk score to evaluate needed actions.
Docker vulnerabilities have been the source of malicious attacks for years. A new trend in attacking Docker containers is to identify an unsecured Docker API, launch a new container, and use the container to start mining cryptocurrency. Trend Micro has identified an attacker looking for weaknesses.
Data Theorem, developer of application security systems, has announced two new solutions for API security analysis, API Inspect and API Discover. Both tools aim to help customers gain greater visibility into the status of their applications' overall API security.
APIs, via B2B partnerships and B2C applications, can increase a company’s reach and make digital assets and services available to broader audiences. There are dangers posed by the adoption of insecure APIs in the enterprise. Hence, businesses need a strategy for building and operating secure APIs.
GitHub has just announced that they are launching a Security Advisory API that will provide data on vulnerabilities aggregated from millions of projects. Programmatic access to security advisories should allow developers to more proactively address issues.
Microsoft took its next step in protecting user data by making two products available for public preview under the confidential computing project. The DC-series virtual machines and Open Enclave SDK have completed private betas and are ready for public preview. The goal is to protect data in use.
Rapid7 has announced API access to its InsightAppSec security solution. InsightAppSec is a security suite based on Dynamic Application Security Testing (DAST). Prior to the API, usage of the DAST features was limited to the user UI options offered by Rapid7. Now, developers can get more granular.
Google announced yesterday that it is shutting down the consumer version of Google+. The news came alongside the reveal of an API vulnerability discovered earlier this year. The company will provide 10 months for users to download their content.
Facebook discovered a security attack that potentially compromised 50 million user accounts in late September. While Facebook has now reported that the actual effect was minimal, the company has released a tool that helps app developers understand whether their users were affected or not.
What happens when you are ready to take your API from a small subset of users to something more open? What are the things you want to make sure are locked down tight before rolling out an open API program? James Higginbotham offered some tips for making sure your API is ready.
Earlier this week GitLab announced the release of security updates aimed at fixing various flaws found in previous iterations. One issue was an insecure direct object reference that exposed confidential issues within all public projects, via the Events API.
Atlassian has updated the Confluence and Jira Cloud APIs to comply with Europe's GDPR privacy regulations. The company will officially retire older APIs towards the end of March 2019. For now, the Bitbucket Cloud API has not been updated but the company will make GDPR-related changes to it soon.