Kasa Camera Vulnerability Discovery: Responsible Disclosures Feel Like...
When APIs Say Too Much: As a Midwesterner and hobby farmer I spend a lot of time solving problems. A few months ago I encountered a problem where a live 2-month-old cucumber plant just suddenly had no...
Tales from the Front Lines: How Third-Party APIs Simplify Enumeration Attacks
As a mechanism to offload PCI risks, many retailers are now using third-party credit card processing for their online transactions. The retailer’s benefit is they are no longer handling the credit card...
Tales from the Front Lines: Large Retailer Achieves Near Immediate Time-to-Value
One of our newest customers is a large, community-based retailer that had a mobile application and API account takeover problem. Roughly 12 months ago, they selected a JavaScript and SDK-based bot...
Tales from the Front Lines: Retailer Prepares for Holiday Bot Battle in a...
Following on the retail win posted previously, this week’s win is a clothing and home décor retailer that had an account takeover/credential validation challenge that their incumbent solution was...
Bot-as-a-Service: The Consumerization of Botting
We are fast approaching the end of 2020. A year that was different in many ways due to the COVID-19 pandemic, and the impacts on retail were no exception. There has been widespread coverage of retail...
Technology & Collaboration: The Winning Formula to Defeat Shopping Bots
As an innovator, software is always the first thing I think about when addressing a problem. But, in a recent blog about shopping bots and the holiday season, Sandy Carielli at Forrester reminded me...
Tales From the Front Lines: Retail Customer Stops $200k Gift Card Fraud Scheme
Our standard customer engagement process is to deploy API Spartan into a customer environment to prove our value. We are often deployed alongside an existing general-purpose bot mitigation solution,...
Reality Check: Automated Shopping Bots are a Business Problem
Last week, I had the pleasure of participating in a webinar on automated shopping bots with Sandy Carielli, Security and Risk Analyst at Forrester Research. The webinar highlighted two things for me:...
Solving the #1 API Security Challenge Enterprises Face – API Visibility
Research shows that the number one challenge most organizations have is that they do not know how many APIs they have – and that they cannot protect what they cannot see. API Sentinel helps them...
How This Cool Sneakerhead Mom Beat the Bots
If you grew up in the 80s like I did, you probably remember watching Michael Jordan dominate the basketball court for the Chicago Bulls. I spent many evenings with my family watching him fly high...
API Security Need to Know: Lessons Learned From the Peloton Security Incident
By now most have heard about the Peloton data breach incident and no doubt the security team at Peloton is working long, hard hours to pull themselves out of this horrible situation. The damage is done...
Tales From the Front Lines: New Applications Protected in Just 33 Minutes
In this week’s blog, we will talk about two recent customer scenarios where the value of our no JavaScript or SDK approach became evident in minutes: when customers needed to prevent an attack on a new...
Anatomy of a Retail Shopping Bot
Whether they are participating in it or competing against it, retailers worldwide are preparing for Amazon Prime Day. No doubt threat actors are doing the same, choosing their targets, assembling the...
Enabling Retail Deals and Repelling the “Steals”
Retailers, shoppers and threat actors alike are preparing for the big day: Amazon Prime Day, when there are retail sales opportunities to be had as retailers run their own sale event to compete with,...
Threat Advisory: Recent High Volume Bot Traffic from IPVanish VPN Against...
TL;DR: A spike in malicious bot traffic with similar characteristics across more than 20 customers emanating from the same VPN vendor and its affiliated companies. Between July 21st and August 4th,...
Ulta Beauty Reduces Costs by Blocking API-based Enumeration Attacks
Executive Summary: Cequence Security assisted the Ulta Beauty CTI team to mitigate a persistent, high volume inventory API scraping attack. While the goal of the attack was uncertain, potential...
Credential Stuffing Attack Prevention Saves $1.6M
In another example of pandemic-influenced actions, the largest Canadian pizza chain was targeted by a credential stuffing attack that was successfully mitigated, resulting in a $1.6M savings. Most...
Poshmark Prevents Automated Attacks and Streamlines Online Experience
In today’s blog we are going to review how Poshmark enabled API security using the Cequence Unified API Protection (UAP) solution to block automated account takeover (ATO) attacks that were...
Prep the Halls: Readying Your Retail Environment for the Holiday Rush
Long before the clock ticks past midnight into the morning hours of Black Friday, excited shoppers are eagerly preparing to hit the pavement and the websites of their favorite retailers. Using...
Cequence 2023 Holiday Season API Security Threat Report – Retail Fraud Up...
Retail cybercriminals have graduated from relatively quick, unsophisticated smash and grab-style attacks to playing the long game, spreading attacks out over the course of the year in preparation for a...