API Security Weekly: Issue #21

This week, we look at vulnerable APIs in Kubernetes, real estate services in Australia, and Amazon Ring cameras. We also take a look at upcoming healthcare API standards in the US and changes in attack trends between 2017 and 2018.

Vulnerabilities

Kubernetes continues to have API vulnerabilities (see our earlier issues 9 and 13). This time, it has turned out that PATCH API request payload was not sanitized. Attackers could craft a payload to overload the CPU and perform a denial of service (DoS) attack. To prevent the attack, upgrade Kubernetes to v1.11.8, v1.12.6, or v1.13.4, or remove the PATCH API call permission from untrusted users. https://goo.gl/wEKDUt