Wallarm Releases 2025 API ThreatStats Report Revealing that APIs are the Predominant Attack Surface

Posted in Commentary with tags on January 29, 2025 by itnerd

Wallarm, a global leader in API security, today released its 2025 API ThreatStats Report, revealing that APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks. Wallarm’s annual report bridges a critical gap between technical and strategic aspects of API security by sharing actionable insights tailored to the distinct responsibilities of CISOs and CIOs.

Wallarm’s researchers tracked 439 AI-related CVEs, a staggering 1,025% increase from the prior year. Nearly all (99%) were directly tied to APIs, including injection flaws, misconfigurations, and new memory corruption vulnerabilities stemming from AI’s reliance on high-performance binary APIs. With the exponential rise in AI adoption and exploits, Wallarm introduced a new ThreatStats Top 10 category, Memory Corruption and Overflow. This new category addresses vulnerabilities that arise from improper memory handling and access, resulting in security breaches such as unauthorized data access, crashes, and arbitrary code execution, and was driven by Wallarm’s analysis of how AI workloads interact with hardware, exposing APIs to issues like buffer overflows and integer overflows.

Additionally, more than 50% of all recorded CISA exploited vulnerabilities were API-related for the first time, a 30% increase from the year before, and this highlights the growing prevalence and criticality of API security in modern threat environments. API vulnerabilities surpass traditional exploit categories like kernel, browser, and supply chain vulnerabilities, underscoring their central role in cyberattacks.

Key insights and observations include:

  • AI as a catalyst for new vulnerabilities: In Wallarm’s survey of 200 US-based enterprise leaders on AI and API security, over 53% reported engaging in multiple AI deployments. These deployments are primarily enabled by API technology, cementing APIs as the foundation of enterprise AI adoption. However, while AI integration drives rapid API adoption across industries, it also introduces unique risks. For instance, Wallarm’s threat intelligence flagged significant vulnerabilities in AI tools like PaddlePaddle and MLflow, which underpin enterprise AI deployments. These tools were exploited at API endpoints, compromising training data, siphoning intellectual property, or injecting malicious payloads into machine learning pipelines. Additionally, APIs facilitating real-time data exchanges between AI models and applications often lack adequate security measures, making them susceptible to injection, abuse, and memory-related exploits.
  • Legacy and modern APIs both under attack: While legacy APIs such as those used in Digi Yatra and Optus incidents remain vulnerable due to outdated designs, modern RESTful APIs are equally at risk due to complex integration challenges and improper configurations. APIs now represent the largest category of exploited vulnerabilities in CISA KEV, with modern APIs representing over 33%. Exploits include improper authentication, injection attacks, and API endpoint misconfigurations, targeting enterprise-grade platforms with prominent attacks, including Invanti and Palo Alto Networks. Legacy APIs in web applications represent over 18% of exploited vulnerabilities. These vulnerabilities arise in older APIs typically used within web applications for AJAX backends, URL parameters, or direct calls to .php files. Often integrated into devices like cameras or IoT systems, these APIs lack the robust security measures of their modern counterparts, with key exploit types including URL-based injection, CSRF attacks, and outdated session handling mechanisms.
  • Growing exploitation of authentication and access control: The Twilio and Tech in Asia breaches demonstrated how attackers exploit weak authentication and access control mechanisms to gain unauthorized access. These issues are exacerbated by the decentralized nature of API management in large organizations, as API-related breaches escalate in frequency and severity. For instance, in last year’s Wallarm Annual Report based on 2023 data, API-related breaches were significant but sparse, with only a few incidents reported each quarter. In 2024, this picture changed dramatically, with an average of three monthly incidents—and, at times, as many as five to seven breaches each month. The rise of API-driven systems in sectors like healthcare, transportation, technology, and financial services has led to a surge in vulnerabilities, placing APIs squarely at the center of the cybersecurity landscape.

Underscoring the report’s central findings is that AI security is API security. As APIs drive innovation, particularly in AI-enabled systems, organizations need real-time API controls to protect their business operations, customer trust, and long-term success. Looking ahead to 2025, organizations must prioritize API security to safeguard their systems and unlock the full potential of APIs as the key driver of business transformation.

To download the report, visit https://www.wallarm.com/resources/2025-api-threatstats-tm-report.

Leave a comment »

Deepgram Accelerates Into 2025, Empowering 200,000+ Developers From Startups to Global Enterprises to Build Voice AI

Posted in Commentary with tags on January 29, 2025 by itnerd

Deepgram, the leading voice AI platform for developers building speech-to-text (STT), text-to-speech (TTS), and full speech-to-speech (STS) offerings, today announced record business growth and technical milestones achieved in the past year. Today, over 200,000 developers build with Deepgram’s voice-native foundational models, choosing Deepgram due to its unmatched accuracy, low latency, and pricing, as well as the flexibility for all voice-native AI models to be accessed through cloud APIs or self-hosted / on-premises APIs. Organizations that build on Deepgram’s infrastructure for STT, TTS, and AI Voice Agents include technology ISVs building voice products or platforms, co-sell partners working with large enterprises, and enterprises solving internal use cases. 

Looking forward to 2025, Deepgram will continue to innovate to extend its unique value proposition of offering the highest accuracy and lowest COGS at scale and highest model adaptability, and lowest latency. Through continued innovation, Deepgram expects to end 2025 as the industry’s only end-to-end speech-to-speech solution built to solve the four critical challenges of enterprise-ready voice AI:

  1. Accuracy / audio perception: Enterprise use cases require high recognition, understanding, and generation of specialized vocabulary in often challenging audio conditions. Deepgram solves this through novel, non-lossy compressions of these spaces for rapid processing paired with generation, training, and evaluation on synthetic data that precisely matches Deepgram customers’ real-world conditions.
  2. COGS at scale: Deepgram customers need to profitably build and scale voice AI solutions. Deepgram delivers this through its unique latent audio model with extreme compression combined with deep expertise in high-performance computing.
  3. Latency: Real-time conversation requires near-instantaneous responses. Deepgram achieves this using streaming state space model architectures, optimized specifically for the underlying hardware to deliver minimal processing delays.
  4. Context: Effective conversations are deeply contextualized. Deepgram will pass the speech Turing test thanks to its ability to train on vast bodies of data that thoroughly represent its customers’ use cases and pass that context through the entire system and interaction.

Additional Resources:

●      Read about Deepgram’s groundbreaking voice agent API

●      Watch a fun demo of Deepgram’s voice agent API

●      Try Deepgram’s interactive demo

●      Get $200 in free credits and try Deepgram for yourself

Leave a comment »

Threat Actors Mimic Amazon Prime Membership to Steal Credit Card Data 

Posted in Commentary with tags on January 28, 2025 by itnerd

Researchers have uncovered a new hacking campaign using PDF documents announcing an expired Amazon Prime membership with links to phishing pages that impersonate Amazon and request credit card data:

Javvad Malik, lead security awareness advocate at KnowBe4, commented:

“The initial attack vector, where users are beguiled into opening an email attachment containing a PDF file, is a stark reminder of the importance of remaining vigilant of emails. Emails still remain the most popular attack avenue for phishing, so it’s important that people have the right education and tools at their disposal to be able to effectively identify and report any suspicious activity. 

“Amazon’s proactive steps, including the takedown of numerous phishing websites and the implementation of advanced email verification technology, are commendable. However, the incident is a reminder that takedowns are like a game of whack-a-mole and more malicious sites will continue to crop up. So it’s important that users remain ever vigilant and informed about the potential threats we face online.”

This serves as a reminder that you need to treat anything and everything that hits your inbox with suspicion. On top of that, you should never click on links from any random email because bad things may happen to you.

Leave a comment »

KnowBe4’s Top 10 Tips to Take Charge of Your Data on Data Privacy Day

Posted in Commentary with tags on January 28, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, celebrates Data Privacy Day with practical and impactful recommendations to help individuals and organizations take charge of their data security.

In an age where data is constantly collected, shared, and monetized, Data Privacy Day serves as an annual reminder about the importance of protecting and facilitating online privacy. Data Privacy Day began in the United States in January 2008 as an extension of the Data Protection Day celebration in Europe and is officially led by NCSA in North America. The National Cybersecurity Alliance has expanded it into Data Privacy Week, with the 2025 theme ‘Take Control of Your Data’, which encourages individuals to reclaim their digital autonomy through simple, actionable steps to make informed privacy choices. For organizations, the message emphasizes the need to respect and prioritize users’ data privacy.

Data privacy is more critical than ever, especially when social media platforms, AI chatbots and connected devices have increased publicly available digital footprints. This creates opportunities for the misuse of personal information and data traces which can lead to incidents of identity theft, financial fraud, and even psychological harm.

Recognizing the shared responsibility of safeguarding data, DePaula shares the 10 top tips for individuals and organizations to help take control of their data in 2025:

Tips for Individuals

  1. Vet your apps and tools: Before using new apps, check their data usage policies, control options, and origin to ensure they are trustworthy.
  2. Optimize IoT device privacy: Adjust settings in your IoT device apps to enhance privacy, such as disabling voice recordings, limiting data storage, or controlling ad preferences.
  3. Educate your family: Discuss online safety with family members, especially children, covering topics like avoiding sharing personal information, recognizing suspicious links, and managing location sharing.
  4. Set up a reputable password manager: Use it for critical accounts and generate strong, unique passwords.
  5. Enable multi-factor authentication (MFA): Activate MFA, preferably with a FIDO token, for critical accounts as an added layer of protection.

Tips for Organizations

  1. Minimize data collection: Only collect and store data that is essential for business operations. Eliminate unnecessary personal or payment information.
  2. Communicate transparency in privacy policies: Clearly explain what data is collected, how it is used, and with whom it is shared.
  3. Train employees: Educate all employees on data protection regulations, while training them to recognize the latest social engineering attacks and other security risks.
  4. Encrypt personal data: Protect personal data—at rest and in transit—from unauthorized access or exposure.
  5. Vet vendors and partners: As a ‘responsible party’, your organization is responsible and accountable for protecting the data of its subject – even if the processing is outsourced to third parties. Ensure that any external parties handling your organization’s data maintain a high standard of privacy and protection.

For more insights and best practices on data privacy, visit www.knowbe4.com.

Leave a comment »

Cyware Launches Industry’s First Pre-Configured Threat Intelligence Platform with Team Cymru

Posted in Commentary with tags on January 28, 2025 by itnerd

Cyware, the leading provider of threat intelligence management, low-code/no-code security automation, and cyber fusion solutions, today announced an important collaboration with Team Cymru to pre-configure Team Cymru’s industry-leading threat feeds into Cyware’s Threat Intelligence Platform (TIP). This packaged solution delivers real-time visibility into botnets, malware, command and control (C2) infrastructure, and external malicious activity, empowering organizations to detect and respond faster to even the most sophisticated adversaries.

By incorporating Team Cymru’s threat feeds—including the Botnet Analysis and Reporting Service (BARS) feed and the Controller (C2) Feed—into Cyware’s advanced TIP, organizations gain access to more accurate and up-to-date intelligence. This enhanced intelligence is designed to allow security teams to identify, analyze, and mitigate malware and botnets with precision and speed to help fortify their defenses against cyberattacks.

With this solution, customers benefit from approximately 10,000 unique IPs daily and the processing of approximately 6-7 million unique events, providing detailed threat indicators and attributes that are often missing in traditional threat feeds. When combined with Cyware’s operationalized threat intelligence capabilities, it is designed to enable security teams to:

  • Stop malware and DDoS attacks before they impact networks and infrastructure
  • Harden network defenses by integrating threat indicators with firewalls, intrusion prevention systems (IPS), and intrusion detection systems (IDS)
  • Automate threat hunting for DNS-based attacks and monitor malicious communications
  • Gain geolocation, victimology information, and detailed campaign histories to contextualize threats

The combined solution also offers unique and critical insights into malware families, unique control protocols, and encryption mechanisms, allowing organizations to prioritize and block malicious activity more effectively. With these capabilities, Cyware and Team Cymru are redefining what it means to stay ahead of cyber threats as global adversaries gear up for disruption.

For more information on Cyware and Team Cymru’s integration, visit https://www.cyware.com/partners/technology-alliances/team-cymru.

Leave a comment »

Deepseek Is Apparently Under Attack

Posted in Commentary with tags on January 28, 2025 by itnerd

Chinese AI startup Deepseek says it is temporarily limiting registrations due to large-scale malicious attacks on its services. Here’s a look at their status page which can be found at https://status.deepseek.com/:

Erich Kron, security awareness advocate at KnowBe4, commented:

“One of the key tenets of cybersecurity is availability. Combined with confidentiality and integrity of data, these make up what is known as the CIA triad. Although most people think of confidentiality and battling data breaches when it comes to cybersecurity, the lack of availability can be just as crippling to an organization if they are not able to provide the services they promise to their customers. With the popularity of DeepSeek growing, it’s not a big surprise that they are being targeted by malicious web traffic. These sorts of attacks could be a way to extort an organization by promising to stop attacks and restore availability for a fee, it could be rival organizations seeking to negatively impact the competition, or it could even be people who have invested in a competing organization and want to protect their investment by taking out the competition.

“The cybersecurity world has become global, with attacks originating from any continent on the planet and targeting any organization with a web presence. Unfortunately many counter moves, such as pausing new user registration to allow computing resources to be freed up for other services, can bring back the use of the platform for some, but also makes for a bad experience for potentially new subscribers and can be very damaging to the organization. In a time where internet outages can impact organizations to the tune of millions of dollars lost per hour, or more, the threat of attacks such as this is very real and should be carefully considered and planned for.”

I find it interesting that Deepseek is under attack given how much “noise” that they’ve made in the last few days. Ignoring the fact that no citizen of a western country should sign up for this service, it will be interesting to see if an how they recover, and how they defend against attacks like this in the future.

1 Comment »

EnGenius Technologies Unveils EnGenius Cloud Advisory Board to Streamline Advanced Feature Discovery and Best Practices

Posted in Commentary with tags on January 28, 2025 by itnerd

EnGenius Technologies, a leading provider of cutting-edge networking solutions, is proud to announce the launch of EnGenius Cloud Advisory Board, an innovative new feature within the EnGenius Cloud platform. Designed to empower Managed Service Providers (MSPs), system integrators, network engineers, and IT professionals, EnGenius Cloud Advisory Board is an innovated tool that simplifies the discovery of advanced features tailored to various industry verticals. With its focused recommendations and best practice guidelines, this addition redefines how users optimize network performance across sectors such as chain stores, business offices, hotels and resorts, student housing, senior living, and multi-family units.

Streamlining Feature Discovery

Navigating the diverse ecosystem of cloud networking features can be a demanding task for IT professionals striving to deliver scalable, secure, and efficient solutions. Recognizing this, EnGenius has developed the Cloud Advisory Board to function as a dedicated resource that eliminates the guesswork in locating features best suited for specific industries. The tool intelligently filters through EnGenius Cloud’s rich set of functionalities, directing users to solutions that optimize network operations in their unique environments.

Transforming Industry Verticals

The EnGenius Cloud Advisory Board offers tailored recommendations for a wide array of industries, ensuring network solutions are optimized for their distinct operational requirements. Key benefits include:

  • Efficient Decision-Making: Quick access to reliable, organized information allows for faster and more informed decisions, reducing time spent on research or consultations.
  • Enhanced Accuracy: By compiling data from credible sources and offering real-time updates, the database ensures that decisions are based on the most accurate and current information available.
  • Cost-Effective: An advisory database reduces the need for external consultancy services, saving businesses money while still providing expert insights and advice.

By aligning advanced features with industry’s best practices, EnGenius Cloud Advisory Board positions users to achieve superior operational efficiency, customer satisfaction, and competitive edge.

Empowering Professionals with Best Practices

In addition to pinpointing advanced features, Cloud Advisory Board provides users with actionable insights and best practice guidelines for deploying EnGenius Cloud solutions in their respective industries. These expert recommendations cover critical areas, including network design, security, scalability, and performance optimization. As a result, IT professionals can confidently deploy tailored networking solutions that meet the highest standards of reliability and effectiveness.

Enhanced Value for MSPs, System Integrators, and IT Teams

EnGenius Cloud Advisory Board is particularly valuable for MSPs, system integrators, and IT teams who manage networks across diverse environments. By reducing the time spent on trial and error and simplifying the deployment of advanced features, the tool ensures these professionals can:

  • Deliver superior results to clients more efficiently.
  • Address industry-specific networking challenges with precision.
  • Keep pace with technological advancements in cloud networking.

Leave a comment »

Guest Post: Only 6% of S&P 500 companies scored an A for their cybersecurity

Posted in Commentary with tags on January 28, 2025 by itnerd

ccording to the latest Cybernews Business Digital Index analysis, only 6% of S&P 500 companies achieved an A rating, while 89% of analyzed companies scored a D (almost 49%) and F (40%) for their cybersecurity efforts. 

The new analysis results reflect weak cybersecurity postures and show that most organizations haven’t raised their security standards. 

Detailed data collected from multiple sources, including IOT search engines, IP and Domain name reputation databases, and custom scanners, shows the digital security posture of S&P 500 companies.

Manufacturing and real estate industries are the most vulnerable

According to the Business Digital Index, which grades businesses based on their online security measures, the Manufacturing, Real Estate and Development industries have the weakest digital security. 

The biggest S&P 500 category is Manufacturing, with 138 companies on the list. 40% of the scored companies received a D rating, and 53% received an F rating. Only 3% of analyzed organizations earned an A rating for security measures. 

The second-biggest category on the list is Finance and Insurance. According to the analysis, 94% of companies analyzed received a security rating of D or worse, with 22% falling into the F category. 

A very similar situation exists with companies in the Healthcare and Pharmaceuticals category. Almost 10% of the companies analyzed in this category achieved an A grade. 52% of the healthcare sector scored D and 38% F. 

40% of Real Estate and Development category companies received D and 48% F scores. Most (48%) of Retail and Wholesale category companies were rated D, and 38.5% got an F

The report also shows that almost 86% of companies in the Energy and Natural Resources category analyzed scored a D or worse for their cybersecurity efforts.

The Technology and IT industry has the largest share of A-level security companies (almost 13%). However, 42% of analyzed Technology and IT category companies worldwide scored D, and 39% got a barely passing grade of F. 

Data breaches are one of the top issues 

Researchers found that the top three issues across industries are data breaches, secure sockets layer (SSL) configuration, and system hosting issues.

Even 96% of all analyzed companies had data breaches. This is an alarming systemic issue, with Real Estate and Development, Finance and Insurance, and Manufacturing leading the way in these incidents.

Nearly every S&P 500 company (almost 98%) suffers from poor SSL practices, reflecting weak encryption standards. 

Furthermore, 88.5% of companies have system hosting issues, and this problem is particularly prevalent in the Healthcare and Pharmaceuticals (97.6%) sector. 

The Manufacturing industry consistently ranks among the highest in vulnerabilities across all categories, particularly in software patching total vulnerabilities (63%), data breaches (97.8%), and SSL configuration issues (100%).

Meanwhile, the least affected industry is Real Estate and Development. This industry has lower incidence rates across categories, such as software patching critical vulnerabilities (16%) and web application security issues (48%).

Research Methodology

The Cybernews research team analyzed 485 companies on the S&P 500 list. Fifteen companies could not be analyzed to evaluate an organization’s cybersecurity posture. 

The report evaluates risk across seven key areas: software patching, web application security, email security, system reputation, SSL Configuration, system hosting, and data breach history. The report’s Methodology is here.

Leave a comment »

Atomicwork Secures $25M in Series A Funding

Posted in Commentary with tags on January 28, 2025 by itnerd

Atomicwork, a leading innovator in agentic service management solutions for Enterprise IT, today announced that it has raised $25 million in their Series A funding round. The round was led by Khosla Ventures and Z47, with participation from Battery VenturesBlume Ventures, and Peak XV Partners. This new infusion of capital accelerates Atomicwork’s mission to transform IT service management (ITSM) with its innovative AI-native platform that modernizes how businesses operate and drive growth.

A New Era for Enterprise IT Service Management

Today’s enterprises face a pivotal moment. As operations expand globally and digital systems multiply, traditional ITSM tools are reaching their limits. These legacy solutions – built for an earlier era of process management – can’t keep pace with modern business demands. 

CEOs and CIOs recognize the need for transformative change. The challenge isn’t just about managing IT anymore – it’s about empowering organizations to thrive in an increasingly dynamic digital landscape. 

Atomicwork’s agentic service management platform combines an enterprise knowledge graph with agentic AI to offload work from IT teams, allowing them to focus on driving business impact rather than managing everyday processes. By radically simplifying enterprise workflows, managing incidents in real-time, and enabling self-healing, Atomicwork is helping businesses stay ahead in today’s fast-moving digital business environment. 

Global businesses like Zuora and Pepper Money use Atomicwork to empower their teams with seamless service, intelligent automation, and actionable insights, driving productivity and transforming their digital workplace experience. 

Backing by Industry Leaders

The funding round comes on the heels of strong product adoption and backing from 40+ global CIOs, CTOs and industry veterans. 

Future growth and expansion

These Series A funds will be used to further scale and deploy Enterprise AI agents and invest in GTM expansion. The company plans to enhance its platform support for key enterprise integrations and ensure seamless scalability. 

Leave a comment »

Hammerspace Achieves 10x Revenue Growth in 2024 Fueled by AI Storage and Hybrid Cloud Computing Demand

Posted in Commentary with tags on January 28, 2025 by itnerd

Hammerspace, the company orchestrating the next data cycle, today announced that it has achieved record-breaking 2024 results and business momentum with 10X revenue growth and a 32% increase in the number of customers for the full-year ended December 31, 2024. Hammerspace also posted strong customer retention and account expansion metrics while growing its leadership position in new geographies. The demands for high-performance data storage, global data access and the paradigm of an orchestrated data world are driving rapid adoption. 

Two seismic shifts are fueling unprecedented growth at Hammerspace and across the industry: the rising need for cost- and power-efficient infrastructure to support GPU computing at scale and the rapid adoption of hybrid cloud and multi-data center architectures.

With AI, Enterprise HPC and other data-intensive workloads increasing worldwide, Hammerspace unveiled its Tier 0 capabilities and MLPerf®1.0 benchmark results in November 2024. Tier 0, a new tier of ultra-fast shared storage that uses the local NVMe storage in GPU servers as shared storage, is gaining traction quickly. Designed to eliminate storage bottlenecks and maximize GPU performance, Tier 0 transforms GPU computing infrastructure by improving resource utilization and power efficiency while reducing AI storage costs.  
 

Exceptional Customer Retention and Growth Efficiency

Hammerspace posted notable customer satisfaction, retention and growth efficiency metrics, with Gross Revenue Retention (GRR) > 95%, reflecting strong customer satisfaction and retention strength, and Net Revenue Retention (NRR) > 330%, highlighting growth efficiency and the company’s ability to grow organically within its customer base. The outstanding GRR and NRR metrics are a testament to the demand for users to consolidate workloads and data into a single data platform, as well as the strength of the Hammerspace platform’s capabilities.

The company also expanded its workforce by 75% in 2024, with the most significant growth concentrated in its go-to-market and customer support teams.

2024 was a breakout year in market and use case expansion. Hammerspace customers now span markets ranging from hyperscalers and supercomputing to government, enterprise, and media and entertainment. A few notable new accounts in 2024 included Meta for Llama large language model training, the National Science Foundation (NSF) and Department of Defense (DoD) for aggregating and analyzing research data, and Mathematic Studio for visual effects design in multiple global sites while completing production in France.
 

Meta’s engineering team said in its ‘Building Meta’s GenAI Infrastructure’ blog, “We have also partnered with Hammerspace to co-develop and land a parallel network file system (NFS) deployment to meet the developer experience requirements for this AI cluster. Among other benefits, Hammerspace enables engineers to perform interactive debugging for jobs using thousands of GPUs as code changes are immediately accessible to all nodes within the environment. When paired together, the combination of our Tectonic distributed storage solution and Hammerspace enable fast iteration velocity without compromising on scale.”

Industry Recognition

Hammerspace’s robust growth, leading technology innovation and market success have gained significant customer and industry-wide recognition, making it the most highly awarded unstructured data platform in 2024. Among its notable achievements in 2024 and recent accolades, the company’s awards and recognitions include:
 

Global and Management Team Expansion
Hammerspace has jump-started 2025 by expanding its global footprint and hiring Jeff Giannetti as Chief Revenue Officer to spearhead international growth. In January 2025, Hammerspace launched operations in Asia, establishing resources in China, South Korea, Japan, Singapore and India. Hammerspace is currently scheduling meetings at the at the upcoming Supercomputing Japan in Tokyo on February 3-4, 2025.

Leave a comment »

« Older Entries
Newer Entries »