September 2023 Security Update: API Security, Government Security Risks

The security landscape continues to expand and evolve with risks to API security, new vulnerabilities discovered, and government agencies in the crosshairs.

Jay McCall

September 12, 2023

OWASP Top 10 API Security Risks

OWASP released its Top 10 API Security Risks for 2023. The list includes:

Broken object-level authorization
Broken authentication
Broken object property-level authorization
Unrestricted resource consumption
Broken function-level authorization
Unrestricted access to sensitive business data
Server-side request forgery
Security misconfiguration
Improper inventory management
Unsafe consumption of APIs

Action Items:

Implement authorization checks for every function that requires user ID to access data.
Implement authentication mechanisms correctly.
Restrict resource consumption to mitigate risks of DDoS attacks.
Ensure clear access control policies with a clear separation between admins and users.
Properly inventory hosts and deployed versions to limit exposure.
Strengthen security when using third-party APIs.
For more information, visit OWASP’s Top 10 API Security Risks landing page.

Cyberattacks Against Governments Are Rising in 2023

Data from the Atlas VPN team show 49 significant cyberattacks against government agencies, an 11 percent increase over the same period in 2022. The attacks impacted government organizations in at least 27 countries.

An analysis of the data by the Center for Strategic and International Studies shows that 16 percent, the largest portion of the attacks, targeted the U.S. government and its agencies. These attacks included a hack of remote desktop software in January 2023 and a worldwide cyberattack in June linked to Russian hackers.

Action Items:

Solutions providers that work with government agencies should take a security-first approach to providing technology, patch vulnerabilities as soon as they are discovered, and monitor systems for suspicious activity.
Comply with software bill of materials (SBOM) requests.
Assist agencies with data management, storage, and secure backup.
Review the Executive Order on Improving the Nation’s Cybersecurity.

Ransomware Actors Exploit Cisco Vulnerability

Cisco warned that ransomware groups are exploiting a zero-day vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). The vulnerability, CVE-2023-20269, is medium severity impacting the VPN feature of ASA. It allows attackers to conduct brute force attacks against accounts and then establish clientless SSL VPN sessions to execute actions in the victim’s system.

Action Items:

Bleeping Computer reports that until Cisco fixes the vulnerability, system administrators can:

Use dynamic access policies to stop VPN tunnels with DefaultADMINGroup or DefaultL2LGroup.
Deny access with Default Group Policy.
Implement LOCAL user database restrictions.
Point all non-default profiles to a sinkhole AAA server (dummy LDAP) server and enable logging to detect attacks early.
Use multifactor authentication (MFA) for VPN connections.

Ransomware Actors Indicted

On September 7, 2023, the U.S. Department of Justice announced indictments against TrickBot malware and Conti ransomware group members. The nine Russian nationals had allegedly attacked more than 900 victims around the world, including hospitals, schools, and businesses. Trickbot was a suite of malware tools developed to install Conti ransomware as well as to steal money.

Conti, a Ransomware as a Service variant, used vulnerabilities in remote monitoring and management software and remote desktop software as backdoors. Then, actors used tools on the victims’ networks to obtain credentials and escalate privileges.

Action Items:

Read the details of the indictments here.
Learn more about Conti, Trickbot, and cyberattack exploits.

CISA Adds Two CVEs to Its Catalog

The Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two new entries:

CVE-2023-41064: ImageIO buffer overflow for Apple iOS, iPad OS and macOS

CVE-2023-41061: Wallet code execution vulnerability for Apple iOS, iPadOS, and watch OS.

Action Items:

Review these and other known vulnerabilities.
Reduce exposure by updating software or fixing with patches.

For more security updates and insights, visit DevPro Journal’s Security resources page.

September 2023 Security Update: API Security, Government Security Risks

OWASP Top 10 API Security Risks

Cyberattacks Against Governments Are Rising in 2023

Ransomware Actors Exploit Cisco Vulnerability

Ransomware Actors Indicted

CISA Adds Two CVEs to Its Catalog

Latest Software Developer News

Epson OmniLink TM-m50II-H POS Receipt Printer Now Available

Epson OmniLink m-Series Receipt Printers Certified for Slice Register POS Systems Built Exclusively for Local Pizzerias

MicroTouch Collaborates with Exertis Almo to Bring Integrators New Interactive Touch Displays

New GitLab Research Reveals Rising Demand for Security and Efficiency in Software Development, Increasing Use of AI/ML in Security

Solo.io Expands Gloo Platform with Addition of Gloo Fabric to Enable Secure, Multi-cloud Networking for Distributed Applications

Epson OmniLink TM-m50II POS Receipt Printer Now Available

Most Popular

3 Ways AIOps Can Benefit the Finance Industry

Marketing Insights: What Has the Pandemic Taught Us?

Software in the New Normal: Purposefully Programmed for Today’s Modern Users

Three Things Your Channel Partners Need to Succeed in 2022