By grigby1 

According to Cloudflare researchers, the use of Application Programming Interfaces (APIs) is increasing but poses greater management and security risks. APIs generated about 57 percent of global dynamic Internet traffic in 2023. However, the increased API traffic causes additional management and security issues, especially as there are more API endpoints than companies reported. The researchers discovered up to 30.7 percent more API endpoints than specified. These "Shadow APIs" are often used by developers or individual end users to run specific business applications.

By aekwall 

Hackers took over the US Securities and Exchange Commission's (SEC) X account and used it to spread false information regarding the approval of Bitcoin ETFs on security exchanges. According to the now-removed message, the SEC granted approval to Bitcoin ETFs for listing on registered national security exchanges. The news immediately impacted the cryptocurrency industry, with Bitcoin briefly reaching $48,000 before dropping to around $45,000 following the SEC's denial.

Cybercriminals are targeting hotels' backend Booking.com logins in order to take over the accounts and eventually harvest data on the hotels' customers. According to Perception Point's analysis of the campaign, threat actors are changing their tactics by focusing on specific industry practices and relationships to conduct targeted and convincing phishing attacks. Many of the phishing messages are addressed to hotel managers, claiming that former guests are leaving harsh reviews of the property online. The emails encourage hotels to sign in and respond to the complaints.

Exploring Artificial Intelligence (AI) is critical for remaining competitive, so CISOs must understand and address emerging AI threats. Large Language Model (LLM) vulnerabilities pose a significant threat to enterprise operations. It is essential for cyber teams to understand these vulnerabilities and how to mitigate them so enterprises can continue to innovate with LLMs without putting themselves at risk. This article continues to discuss the top LLM vulnerabilities and suggestions for mitigating them.

Healthcare services provider HMG Healthcare has recently disclosed a data breach impacting the personal health information of employees and residents at 40 affiliated nursing facilities.  The incident was identified in November 2023, but an investigation determined that the data breach occurred in August 2023.  The company noted that the incident involved hackers gaining access to their server and stealing unencrypted files.  Files on the server likely contained medical records and personal information.

China's Beijing Wangshendongjian Judicial Appraisal Institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature. This operation would allow the government to identify the phone numbers or email addresses of those who have shared content. In order to avoid censorship in the country, people turned to Apple's AirDrop feature. The feature does not require cellular service, sending images between devices via Bluetooth and a private Wi-Fi network. This article continues to discuss the AirDrop cracking claimed by the Chinese state-backed research institute.

Since early 2023, threat actors have been using a new Mirai-based botnet called NoaBot as part of a cryptocurrency mining campaign. According to Akamai security researcher Stiv Kupchik, the new botnet's capabilities include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread to new victims. Mirai source code was leaked in 2016, which has given rise to several botnets.

Security researchers at Patchstack discovered a critical vulnerability in the AI Engine plugin for WordPress, specifically affecting its free version with over 50,000 active installations.  The plugin is widely recognized for its diverse AI-related functionalities, allowing users to create chatbots, manage content, and utilize various AI tools such as translation, SEO, and more.  The researchers noted that the security flaw is an unauthenticated arbitrary file upload vulnerability in the plugin’s rest_upload function within the files.php module.