Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to "identify interesting features in source code" and can help developers understand the software components their apps use.
The Open Web Application Security Project (OWASP) has released its OWASP API Security Top 10 2019. This is the first version of the API Top 10. OWASP will likely update the guidelines every three to four years, similar to the other OWASP Top 10 series.
Cisco has patched a critical vulnerability in the REST API of Cisco's Elastic Services Controller that could lead to an attacker bypassing authentication on the REST API.
Security researchers from Imperva have found thousands of Docker hosts that are exposed to a new vulnerability and have an exposed remote Docker API. The new research describes the threat along with sample scripts and what can be done about it.
Researchers at Trend Micro have recently spotted malicious activity abusing systems running misconfigured Docker containers.
Google has patched a reCAPTCHA security vulnerability that allows an attacker to bypass a system.
Security firm Trustlook has found at least 25,936 malicious apps using one of Facebook’s APIs, such as a login API or messaging API. Such malicious apps could then use and abuse a range of Facebook login profile data, such as name, location and email address, according to a recent blog post.
Appthority has discovered a significant data exposure vulnerability called Eavesdropper that impacts nearly 700 enterprise apps associated with 85 Twilio developer accounts.
A new attack that uses Docker containers to hide, persist and plant malware was demonstrated at Black Hat by a team of security researchers from Aqua Security.
Security firm Sucuri warned back in June how compromised CCTV devices were used in multiple distributed denial-of-service (DDoS) attacks every day. In the report, nearly 25,000 compromised devices from all over the world were used in various attacks on small businesses.