DATA SECURITY

Salt Security to Launch Salt Labs to Increase Global Awareness of API Security Threats

Salt Security | July 16, 2021

Salt Security, the leading API security company, today announced the launch of Salt Labs, a now-public forum for publishing research on API vulnerabilities. Through its vulnerability and threat research and industry reports, Salt Labs will be a resource for enterprises looking to harden infrastructure against API risk. It also furthers Salt Security's work to offer complete API security and accelerate business improvement by making APIs attack-proof, and is meant to build wider public awareness of API security threats.

API security concerns are a significant inhibitor of business modernization. For example, 66% of organizations have delayed the deployment of a new application because of API security concerns, according to the Salt Security State of API Security Report. To counter these concerns, Salt Labs will provide research and reports that organizations can use to improve their API security posture and mitigate threats affecting API-centric businesses.

Today's inaugural vulnerability research highlights several API security gaps at a large financial institution. Salt Labs researchers identified inadequate authorization for function access, susceptibility to parameter tampering, insufficient data access, and improper input filtering across the financial platform used by thousands of financial partners and customers. The Salt Labs researchers exploited these vulnerabilities to demonstrate that:

1. Any user could launch an application-level denial of service attack that would render entire applications unavailable.
2. Any user could read any financial records of any customer, despite lacking the proper authorization.
3. Any user could tamper with authentication parameters and take over any account.
4. Any user could delete any customer's user accounts across the financial platform.

About Salt Security

Salt Security was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial entrepreneur executives in the cybersecurity field and is based in Silicon Valley and Israel. Salt Security protects the APIs that form the core of every new application. Its API Security Platform is the industry's first patented solution to stop the next generation of API attacks, using machine learning and AI to automatically and continuously identify and protect APIs.

Spotlight

No matter how well an organization is secured, it will eventually be breached. Network penetration is immediate: It only takes minutes for the hackers to penetrate the network. And one compromised account is all it takes for a bad actor to gain an initial foothold. But once they are in, it can take weeks or even months before the real damage is done. 

Related News

DATA SECURITY

Paubox to protect healthcare providers with One-of-its-kind Security tool

Paubox | July 01, 2021

Paubox, the leader in HIPAA compliant email, has announced Zero Trust Email, a new feature of the Paubox Email Suite. Zero Trust Email, the only technology of its kind, is intended to protect the sensitive data and information of healthcare organizations from attackers. Such a solution was necessary because at least 93% of healthcare organizations reported one cybersecurity breach during the last three years.

Bad actors are setting up accounts on servers run by American infrastructure companies such as AWS, GoDaddy, and Mailgun. This lets cybercriminals pass industry-standard spam and virus checks. Paubox has rolled out Zero Trust Email in response.

According to Paubox Founder and CEO Hoala Greevy, a core tenet of Zero Trust security is multi-factor authentication (MFA). Zero Trust Email needs an additional piece of evidence from the sender’s mail server to pass our Inbound Security checks. This additional layer of verification is critical to keeping bad actors away and under control.

According to IBM's Cost of Data Breach report, in 2019 the healthcare industry lost almost $7 billion USD to damages from data breaches caused by cyberattacks. Additional network access points created by a growing remote workforce only expose healthcare organizations to more cybersecurity vulnerabilities and attacks. Zero Trust Email can minimize the damage from both internal and external attacks in healthcare organizations.

PLATFORM SECURITY

Cyware & GuidePoint Security Partner to Share Threat Intelligence

GuidePoint Security | April 21, 2022

Cyware, the industry's leading supplier of platform-agnostic Cyber Fusion Centers with next-gen SOC capabilities, today announced a collaboration with GuidePoint Security, a leader of cybersecurity solutions. GuidePoint Security joins a renowned group of Cyware Technology Partner Program solution providers, managed security service providers (MSSPs), and systems integrators in assisting clients in making wiser choices and minimizing risk.

GuidePoint is broadening its threat management portfolio and expanding its service offerings with actionable threat intelligence and incident response solutions as a result of its new relationship with Cyware. GuidePoint's enterprise solutions for Cyware will allow clients to aggregate, analyze, and autonomously exchange data for enhanced threat visibility, as well as provide users with threat response collaboration capabilities.

“Our partnership with GuidePoint couldn’t have come at a better time when the global threat landscape is witnessing a massive deterioration because of high impact threats targeting enterprises globally. Together, GuidePoint and Cyware will enable enterprises, ISACs/ISAOs, MSSPs, and government bodies to bring together siloed security operations, operationalize threat data more efficiently, and collaborate on threat response using next-gen cyber fusion solutions.”
Amit Patel, Senior Vice President, Global Sales, Cyware

The Cyber Fusion Center platform from Cyware combines SOAR and actionable threat intelligence to provide a cohesive, automated, and modular solution for bi-directional threat intelligence sharing, comprehensive case and workflow management, and unified orchestration for enterprises, ISACs/ISAOs, MSSPs, industry groups, National CERTs, and government organisations around the world.

GuidePoint is a renowned cybersecurity adviser and solutions provider, with thousands of businesses around the nation relying on its expertise. Customers can depend on the company's proven experience, customized solutions, and services to help them make smarter cybersecurity choices that reduce risk. GuidePoint is the most recent multinational IT business to use Cyware as one of the engines powering its security service. Cyware collaborates with some of the world's most notable technology companies to provide enhanced solutions and intelligence.

SOFTWARE SECURITY

Green Hills Software Expands Leadership in Automotive Cybersecurity

prnewswire | October 28, 2020

Green Hills Software, the worldwide leader in embedded safety and security, announced today it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29 – for the INTEGRITY real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been an industry-recognized leader helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Utilizing these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few.

As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected to the internet (1), cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation.

As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle's lifecycle. Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following:

The draft ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" Standard was recently published by SAE International and ISO (Organization for Standardization). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organizational perspective spanning concept, development, production, operation, maintenance, and decommissioning.

The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalized in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation policies in the US, Canada and China.

WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262 is today.

"Connected cars bring significant risks and rewards to OEMs and their suppliers," said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. "Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy."

"ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities," said Dan Mender, VP of Business Development at Green Hills Software. "Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry's leading secure software run-time environment to next-generation connected vehicle electronics."

Reference

(1) Source: VDC Research Group, Inc.: Automotive Cybersecurity Software & Services Market report, 2019 Strategic Insights Security & The Internet of Things Research Program.

About Green Hills Software

Founded in 1982, Green Hills Software is the worldwide leader in embedded safety and security. In 2008, the Green Hills INTEGRITY-178 RTOS was the first and only operating system to be certified by NIAP (National Information Assurance Partnership comprised of NSA & NIST) to EAL 6+, High Robustness, the highest level of security ever achieved for any software product. Our open architecture integrated development solutions address deeply embedded, absolute security and high-reliability applications for the military/avionics, medical, industrial, automotive, networking, consumer and other markets that demand industry-certified solutions. Green Hills Software is headquartered in Santa Barbara, CA, with European headquarters in the United Kingdom.

Green Hills, the Green Hills logo and INTEGRITY are trademarks or registered trademarks of Green Hills Software in the U.S. and/or internationally. All other trademarks are the property of their respective owners.
