API Security

Insights and Protections On November 16, 2023, a significant security concern was published by Google’s Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users’ browsers through a deceptively simple method: clicking on a harmful link. Campaigns Exploiting…

In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and assigned CVE-2023-22518 identifier. In this blog, we delve into the details of these vulnerabilities, their implications, and the necessary mitigation steps to protect your digital assets. The CVE-2023-22518 vulnerability targeted all versions of the on-premises Confluence Data Center. This “Improper Authorization” vulnerability flaw allowed an unauthenticated attacker…

In an age characterized by digital transformation, APIs serve as the backbone of modern applications, enabling diverse systems to communicate and share data seamlessly. This widespread API adoption, however, exposes organizations to a considerable attack surface, inviting the attention of cyber adversaries searching for vulnerabilities to exploit. A recent 2023 Enterprise Strategy Group (ESG) research report revealed that 75% of organizations change or update APIs on a daily or weekly basis, increasing their attack surface.…