Issue 234: Sumo Logic breach leads to key reset, risk of RBAC vulnerabilities, automated API contracts

This week, we have news of another API key leak, this time affecting users of Sumo Logic, who have been advised to rotate their keys out of caution. We also have articles on the risk of RBAC vulnerabilities for APIs and why CFOs should prioritize API security as a cost-saver and business enabler. We also have a book review, a report on the size of the API market, and, finally, news of a new tool from 42Crunch.

Breach: Sumo Logic advises customers to reset API keys

Sumo Logic confirmed it had discovered evidence of a potential security incident on the 3rd of November. It has since locked down the exposed infrastructure and rotated every potentially exposed credential “out of an abundance of caution.”

Although Sumo Logic insisted there was no indication of a compromise or a breach of customer data, it advised customers to rotate both the keys used to access Sumo Logic and any keys that customers had provided to Sumo Logic for accessing other systems. The attack was believed to have involved third-party access to a Sumo Logic AWS account.

Although Sumo Logic declined to comment further on the details of the incident, it assured customers that it was committed to “a safe and secure digital experience.”

This is another in a recent spate of API key leakage incidents coming on the back of the OpenSea and JumpCloud incidents reported in this newsletter.

Article: The risk of RBAC vulnerabilities

The first article this week is from GBHackers and discusses the risk of role-based access control (RBAC) vulnerabilities in systems built on APIs. Most people, I am sure, ar ..
