Salt Security discovered a major API vulnerability in a widely used US fintech platform. The identity of the platform is not disclosed. Its security researchers gained unauthorised access that could potentially be used to steal financial and transactional data.
The server-side request forgery (SSRF) vulnerability was present in many of the platform's systems. As a result, it affected the account and transaction data of all connected US banks. Naturally, the fintech platform has been notified.
API vulnerabilities are on the rise. According to a recent report, 95 per cent of companies surveyed dealt with an API security incident in the past 12 months. In the same period, malicious API traffic increased by a staggering 681 per cent.
Banking apps are a favourite
Salt Security notes that modern banking apps are of particular interest to attackers. Many companies invest little in advanced API security. Traditionally, organisations use web application firewalls (WAFs) and API gateways to secure API traffic. That's a problem. WAFs and gateways are unable to monitor poor configurations, which is where threats can arise.