The VCE-2018-1002105 bug was recently reported for many versions of Kubernetes. The flaw allowed for both the swiping of sensitive information and the injection of malicious code. The fix requires an upgrade to the latest version. No malicious use of the hole has been reported to date.
- Articles (442)
- APIs (675)
- Mashups (26)
- SDKs (509)
- Libraries (23)
- Sample Source Code (289)
- Followers (8)
- Developers (25)
The following is a list of ProgrammableWeb articles that matched your search term. On an nearly 24/7 basis, ProgrammableWeb publishes new articles ranging from news to opinion to tutorials for both developers and API providers. All of our articles are categorized in such a way that you can find your way to related articles, APIs, SDKs, Libraries, Frameworks, Tutorials and Sample Source Code. If you have an interest in contributing any of the aforementioned content to ProgrammableWeb, be sure to read our guidelines for such contributions.
Ten APIs have been added to the ProgrammableWeb directory in categories including Podcasts, Location, and Machine Learning. Featured today is the GitHub Security Advisory API, two APIs for Mapfit, and an API for obtaining FEMA flood zone data. Here's a rundown of the latest additions.
Attackers know that API calls originating from inside an app are a blueprint for the infrastructure inside your data center. Further, they can use those same API calls to hide their malicious purposes, like a Trojan horse ready to slip through the front door. Apps are the new emerging threat vector.
The United States Postal Service confirmed recently that they have patched an API issue which exposed the account details for up to 60 million users. Additionally, in some cases, the vulnerability could have allowed hackers to modify other users’ account details.
Squarelink, an access tool for blockchain apps and services, has launched along with its public REST API. The API lets blockchain applications to retrieve transactions, data, and user account information upon permission by the user. The startup also plans on releasing open source client SDKs soon.
Google has evolved its bot-detecting reCAPTCHA API again. reCAPTCHA v3 goes beyond distorted text and identifying signals. v3 monitors a site user's interaction with a site and provides a score to the site owner/developer. The developer can use the risk score to evaluate needed actions.
Docker vulnerabilities have been the source of malicious attacks for years. A new trend in attacking Docker containers is to identify an unsecured Docker API, launch a new container, and use the container to start mining cryptocurrency. Trend Micro has identified an attacker looking for weaknesses.
Data Theorem, developer of application security systems, has announced two new solutions for API security analysis, API Inspect and API discover. Both tools aim to help customers gain a greater visibility into the status of their applications overall API security.
APIs, via B2B partnerships and B2C applications, can increase a company’s reach and make digital assets and services available to broader audiences. There are dangers posed by the adoption of insecure APIs in the enterprise. Hence, businesses need a strategy for building and operating secure APIs.
GitHub has just announced that they are launching a Security Advisory API that will provide data on vulnerabilities aggregated from millions of projects. Programmatic access to security advisories should allow developers to more proactively address issues.