The Growing Menace of Shadow APIs
As organizations increasingly rely on APIs, the dangers of shadow APIs become more pronounced. These unofficial, unsupported APIs are vulnerable to malicious attacks that can cause significant data loss. With a lack of proper documentation, monitoring, and security, these APIs remain hidden risks for businesses of all sizes.
Identifying and Securing Shadow APIs
Several factors contribute to the invisibility of API usage, including poor management, inadequate governance, and insufficient documentation. To protect against the risks posed by shadow APIs, organizations must employ purpose-built security controls, such as access restriction, security policy enforcement, and data encryption.
Utilizing API discovery tools, companies can identify shadow APIs and take necessary steps to mitigate risks. Solutions like Noname Security’s API Security Platform offer comprehensive insights into all types of APIs, helping organizations maintain the integrity of their infrastructure.
Legion: The New Python-Based Hacking Tool on Telegram
A new credential harvester and hacking tool called Legion is making its rounds on Telegram. With links to the AndroxGh0st malware family, this Python-based tool allows threat actors to exploit vulnerable systems and hijack services for further attacks.
Transparent Tribe Targets Indian Educational Institutions
The Pakistan-based threat group known as Transparent Tribe has expanded its focus to include the Indian education sector. Using weaponized Microsoft Office documents and the Crimson RAT malware, the group exfiltrates sensitive data and captures screenshots for espionage purposes.
Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks
The recent discovery of CVE-2023-28252, a privilege escalation flaw affecting Windows CLFS driver, has been exploited by ransomware cybercriminals to deliver the Nokoyawa ransomware. This family of ransomware targets Windows systems and has ties to the Karma and Nemty ransomware families.
LinkedIn and Microsoft Entra Strengthen Professional Verification
Microsoft introduces a new verification feature for LinkedIn members, allowing them to verify their workplace credentials with a Microsoft Entra Verified ID. This decentralized identity system ensures the authenticity of user profiles and promotes trust within the professional network.
Russian Cyber War Against Ukraine Continues
Russia continues to wage a cyber war against Ukraine, employing both high-tech and low-tech tactics. From wiper malware to missile and artillery attacks on Ukraine’s energy infrastructure, Russia aims to cause localized internet outages and disrupt the nation’s defenses.
Focusing on the 2% of Exposures to Protect Critical Assets
A recent report by XM Cyber highlights that addressing just 2% of all exposures can protect 90% of critical assets. By concentrating on quick wins and reducing permissions scope, organizations can improve their overall security posture.
The Dark Truth About Cybersecurity Breach Confidentiality
A Bitdefender report reveals that 42% of IT/security professionals have been instructed to keep breaches confidential, even when they should be reported. The issue is most prevalent in the United States, with 71% of professionals being told to remain silent.
SAP Addresses Two Critical Vulnerabilities
SAP’s April 2023 security updates include fixes for two critical vulnerabilities, CVE-2023-27267 and CVE-2023-28765. SAP administrators are urged to apply the available security patches as soon as possible.
Malicious Android Apps Sold on the Darknet
Kaspersky reports that malicious Android apps are being sold on darknet forums for up to $20,000. These apps, disguised as legitimate software, can be used by cybercriminals to infiltrate users’ devices and steal sensitive information.
Minnesota School District Cancels Classes Due to Cyberattack
A suspected cyberattack on a Rochester, Minnesota school district led to the cancellation of classes for all 42 schools in the system. The incident follows a recent ransomware attack on a Minneapolis school district that exposed sensitive student data, highlighting the growing concern for cybersecurity in the education sector.
Generative AI Revolutionizing Cybersecurity Tools
The integration of generative AI in cybersecurity tools is transforming the industry. Companies such as Microsoft, Armo, Logpoint, and AlertEnterprise are leveraging OpenAI’s ChatGPT to enhance their security offerings, addressing the talent gap and improving overall security posture.
As the RSA Conference 2023 approaches, more companies are expected to unveil innovative generative AI initiatives to advance the cybersecurity landscape. Though skeptics question the extent of generative AI’s impact on the industry, it is becoming increasingly evident that its integration is vital for companies seeking to improve their technology and address the growing demand for cybersecurity expertise.
The evolving landscape of cyber threats, from shadow APIs and Legion to the targeting of educational institutions, underscores the need for organizations to prioritize cybersecurity. By identifying and addressing vulnerabilities, implementing purpose-built security controls, and embracing innovative solutions like generative AI, organizations can mitigate risks, protect critical assets, and maintain the integrity of their infrastructure. As the cyber landscape continues to change, staying informed and vigilant is key to staying one step ahead of potential threats.
That wraps up todays cybersecurity brief. As always stay safe, stay vigilant, and we’ll see you tomorrow with another update!