How Ubiq Security uses APIs to simplify data protection

As cyberthreats continue to multiply, startups with tools to protect data are in high demand. But companies are now facing the growing complexity of managing security across their various data sources.

San Diego-based Ubiq Security believes APIs could play a key role in simplifying this task. The company hopes to encourage more developers and enterprises to build security directly into applications rather than looking for other services to plug the holes.

“How do you take the messy and complicated world of encryption and distill it down to a consumable, bite-sized chunk?” asked Ubiq CEO Wias Issa. “We built an entirely API-based platform that enables any developer of any skill set to be able to integrate encryption directly into an application without having any prior cryptography experience.”

Issa is a security veteran and said companies have generally been focused on security for their data storage systems. When they start layering applications

Read More

CynergisTek Launches New Service to Better Manage Risk of APIs and Navigate New Interoperability Rules

AUSTIN, Texas–(BUSINESS WIRE)–Nov 19, 2020–

CynergisTek, Inc. (NYSE AMERICAN: CTEK), a leader in information security, privacy, and compliance, today announced the launch of their API Sentry service, developed specifically for healthcare organizations to manage the risks associated with the use of APIs within their environment. CynergisTek’s API Sentry service is powered by APIsec.ai, which leverages unique technology to facilitate ongoing testing and identifies security vulnerabilities, business logic flaws, and access control issues that can lead to a loss of sensitive data.

Organizations have rapidly adopted APIs to accelerate the secure exchange of electronic health records, and market research has linked the uptick of API use in healthcare to growing use of apps and wearables prescribed by medical providers and remote patient monitoring. However, using these technical building blocks doesn’t come without risk: APIs now account for 40 percent of the overall attack-area for web-enabled apps.

“Streamlining the use of

Read More

Amazon Web Services APIs can allegedly be exploited to steal user data

News of yet another company exposing its data to all and sundry on cloud storage is so normal now that you can pre-write the news and insert the name of the company. This time, however, Amazon Web Services Inc. itself allegedly allows hackers to get access to user data through its application programming interfaces.

The claim came Tuesday from security researchers at Unit 42, the cybersecurity research arm of Palo Alto Networks Inc. The researchers have detailed 22 APIs across 16 different AWS services that can be used to leak the AWS Identity and Access Management users and roles in arbitrary accounts.

AWS services that allegedly can be abused by attackers include Amazon Simple Storage, Amazon Key Management Service and Amazon Simple Queue Service. “A malicious actor may obtain the roster of an account, learn the organization’s internal structure and launch targeted attacks against individuals,” the researchers noted.

The cause

Read More