Tag Archive for: salt

Salt Security uncovers security flaws within ChatGPT extensions that allowed access to third-party websites and sensitive data


PALO ALTO, Calif., March 13, 2024 /PRNewswire/ - Salt Security, the leading API security company, today released new threat research from Salt Labs describing critical security flaws within ChatGPT plugins that pose a new risk for enterprises. Plugins give AI chatbots like ChatGPT access and permissions to perform tasks on behalf of users within third-party websites, for example committing code to GitHub repositories or retrieving data from an organization’s Google Drives. These security flaws introduce a new attack vector and could enable bad actors to:

  • Gain control of an organization’s account on third-party websites
  • Access Personally Identifiable Information (PII) and other sensitive user data stored within third-party applications

ChatGPT plugins extend the model’s abilities, allowing the chatbot to interact with external services. The integration of these third-party plugins significantly enhances ChatGPT’s applicability across various domains, from software development and data management to educational and business environments. When organizations use such plugins, they give ChatGPT permission to send the organization’s sensitive data to a third-party website and to access private external accounts. Notably, in November 2023, ChatGPT introduced a new feature, GPTs, a similar concept to plugins. GPTs are custom versions of ChatGPT that any developer can publish, and they contain an option called “Action” which connects them with the outside world. GPTs pose security risks similar to those of plugins.

The Salt Labs team uncovered three different types of vulnerabilities within ChatGPT plugins.

The first was noted within ChatGPT itself, when users install new plugins. During this process, ChatGPT redirects a user to the plugin website to receive a code to be approved by that individual. When ChatGPT receives the approved code from a user, it automatically installs the plugin and can interact with that plugin on behalf of the user. Salt Labs researchers discovered that an attacker could exploit this function to instead deliver users a code approval with a new malicious plugin, enabling an attacker to install their credentials on a…

Softcell partners with Salt Security, the leader in API security solutions


Softcell Technologies Global Private Limited, a leading System Integrator in India, has established a strategic partnership with Salt Security to offer API security solutions to its enterprise customers.

As the digital landscape continues to expand, the importance of safeguarding Application Programming Interfaces (APIs) has become paramount. According to a recent white paper published by the Indian Computer Emergency Response Team (CERT-In) along with Mastercard and Computer Security Incident Response Team – Financial Sector (CSIRT-Fin), there has been a 62% increase in the number of API attacks on the Indian financial sector as of June 2023, compared to June 2022. The report ‘API Security: Threats, Best Practices, Challenges, and Way forward using AI’ states that “with this rise of digitization and API usage in the financial sector along with the availability of sensitive customer information, the financial sector is also becoming a preferred target for API attacks.” Recognizing this need to protect against API attacks, Softcell has joined forces with Salt Security, winner of the 2023 CISO Choice Awards in the API Security category. The awards are judged by a panel of distinguished CISOs across the world.

“Softcell is proud to partner with Salt Security in delivering robust API security solutions to our clients in India,” stated Sunil Dalal, Managing Director at Softcell. “This recognition further solidifies our joint efforts in addressing the critical need for advanced security measures within the API sphere.”

“Modern applications run on APIs. However, as they are highly complex and still relatively new, many companies do not have robust mechanisms in place to secure them,” said Nico Wagemans, VP EMEA, Salt Security. “As they often boast access to an organization’s most sacred assets and data, attackers are increasing their exploits against APIs at an exponential rate. As the first entrant into the API security market, we have developed a solution enriched with mature algorithms and AI to provide organizations with unmatched visibility into their API ecosystem. We are honoured to receive this prestigious recognition by industry CISOs who acknowledge the breadth…

US Department of Labor finds Salt Lake City restaurant supply company illegally employed 22 minor-aged workers beyond hours allowed


SALT LAKE CITY – A federal investigation has found a Salt Lake City restaurant supply company allowed 22 employees – ages 14 and 15 – to work as many as 46 hours per workweek, and to begin work after midnight – both illegal practices under child labor laws. 

Investigators with the U.S. Department of Labor’s Wage and Hour Division found Specialty Consulting Services LLC – operating as Standard Restaurant Supply – violated child labor work hours standards of the Fair Labor Standards Act. The employer also failed to keep accurate time records including the date of birth for one minor-aged employee, in violation of the FLSA’s recordkeeping  provision.

The division assessed $16,595 in penalties to resolve the child labor violations.

The investigation follows a March 2022 announcement by the division’s Southwest Region reminding Salt Lake City-area employers of the importance of complying with federal child labor laws, and its stepped up enforcement efforts. 

“Minors as young as 14 and 15 years old not only worked beyond permitted hours, but more than half of them were employed in violation of the Fair Labor Standards Act by being allowed to work long shifts often exceeding eight hours,” explained Wage and Hour Division District Director Kevin Hunt in Salt Lake City. “Our investigators continue to see an increase in child labor violations in several industries. We will take vigorous action whenever we discover young workers’ safety and well-being are being jeopardized by employers who fail to follow the law.”

Federal labor law prohibits the employment of workers under the age of 14 in non-agricultural settings. 14- and 15-year-olds must work outside of the hours of school and cannot work:

  • More than 3 hours on a school day, including Friday.
  • More than 18 hours per week when school is in session.
  • More than 8 hours per day when school is not in session.
  • More than 40 hours per week when school is not in session.
  • Before 7 a.m. or after 7 p.m. on any day, except from June 1 through Labor Day, when nighttime work hours are extended to 9 p.m.

“We urge employers in the region to gain a full understanding of child labor regulations and ensure…

Salt Security – the API Security Disruptor and Globee Gold Winner


For the second year in a row, Salt Security has snagged the Globee® gold award in the Disruptor Company Awards. Judges from around the world, representing a wide spectrum of industry experts, participated in the judging process, and Salt Security earned this honor in the category of Cyber Security Software.

Given that Salt created the entire API security category, I love this industry recognition of our disruptor status. We clearly live out the definition –  a company creating a new market and, in the process, shaking up the status quo. Globee describes its criteria for the award as follows:

“Disruptors are highly persistent, mostly beginning from scratch without the constraints of traditionally accepted processes or business models. They use technology and modern tools to achieve end results. Disruptors do things differently and are not hindered by existing ways or industry stalwarts. They are ready to take on an enormous challenge and find solutions for the biggest pain points customers experience.”

We take so much pride in this label! Our CEO, Roey Eliyahu, always talks about the early days, “when we were the crazies out there, the only ones talking about the risks that APIs present and how vulnerable companies were on this front.” In Roey’s years in one of the most elite cybersecurity units of the Israel Defense Forces (IDF), when his charter was offensive and defensive hacking of the government’s military and civilian systems, he found APIs the easiest way to break in.

He also realized that as common as APIs already were, companies’ use of them would only grow. Mobile development, digital transformation, cloud migration, app modernization – they’re all driven by APIs. We’re using more APIs than ever, and they’re more capable than ever – raising the stakes for protecting them.  

Our digital lives run on APIs. By understanding the importance of APIs in today’s digital world – and by pinpointing the security weaknesses early on – Salt Security created this critical market of API security. We were first to market with our API Protection Platform – many have followed in our footsteps, but Salt remains the only company delivering the…
