According to a survey by @radware, on average a successful cyberattack these days costs enterprises $1.1 mln in direct costs and $1.67 mln with indirect (52% higher than a year ago), 37% enterprises reported reputation loss following an attack. https://t.co/ZOYGmOU2kb

According to @NadavAvital from @Imperva threat research team, 264 new API vulnerabilities were reported in 2018 - an increase of 23% from the 214 vulnerabilities reported in 2017. Percentage-wise, this is a smaller increase than the 56% in 2017 from 2016: https://t.co/1q6oc83Dc9

An #OAuth breach in #Fortnite: an old unused subdomain had a misconfigured WAF & SQL injection, and SSO API didn't verify parameters, so @_CPResearch_ could inject an XSS script and steal login tokens from users clicking a link. https://t.co/vTGqEt7JZa

Weekly API Security Newsletter issue #14 is out. Main stories by @noamr / @safetydet, @SkipHovsmith, @dangoodin001 / @arstechnica, @TechJournalist / @eWEEKNews, @bernardh_ / @programmableweb, @PenTestPartners https://t.co/avBNwPCioH

A combination of API vulnerabilities at #Amadeus and #ElAl allowed @noamr from @safetydet to use brute-force enumeration to retrieve airline ticket reservation codes, then extract passenger details, then change reservations. https://t.co/5k1eICswML via @TheHackersNews