API Brief #2: Coinbase API vulnerability bug, Dirty Pipe Privilege Escalation Vulnerability in Linux, Linux has been bitten by its most high-severity vulnerability in years

24/02/2022

Coinbase API vulnerability bug

A great, fast read about the Coinbase API vulnerability bug. While he investigated the issue, API Mike blogged that Coinbase halted all trading and withdrawals during its own investigation. The bug has since been fixed, and the exchange has resumed trading. This bug is just the latest in a long line of cryptocurrency exchange hacks. In the future, as cryptocurrency becomes more mainstream, we can expect more secure exchanges and more secure wallets. But for now, we have to be careful and vigilant about where we store our cryptocurrency. The hacks are a reminder that cryptocurrency is still very new and that safety is very important.
Coinbase API attack
10/03/2022

Dirty Pipe Privilege Escalation Vulnerability in Linux

This week’s must-read article: Dirty Pipe Privilege Escalation Vulnerability in Linux. CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe.” A local attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review CVE-2022-0847 and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later. The fix is to update to the latest version of the Linux kernel.
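A first-pass triage of a host against the versions in the CISA note, as an added example that is not from CISA or from this newsletter. The function name `dirty_pipe_status` is hypothetical, and reporting 5.8, 5.9 and 5.11 to 5.14 as `needs-update` is an assumption based on the note naming no fixed release on those branches.

```shell
#!/bin/sh
# Classify a kernel release string against the versions named in the CISA note
# for CVE-2022-0847: affected from 5.8, fixed in 5.10.102, 5.15.25, 5.16.11 or later.
# Prints: not-affected | patched | needs-update | unknown
# Caveat: distribution kernels often backport fixes without changing the upstream
# number, so "needs-update" means "check the vendor advisory", not proof.
dirty_pipe_status() {
    rel=${1:-$(uname -r)}
    base=${rel%%[!0-9.]*}            # drop suffixes such as "-91-generic"
    IFS=. read -r major minor patch rest <<EOF
$base
EOF
    patch=${patch:-0}                # "5.8" means 5.8.0
    for n in "$major" "$minor" "$patch"; do
        case $n in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done

    # Anything before 5.8 predates the bug.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi
    # Releases after the 5.16 series fall under "5.16.11 or later".
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo patched; return 0
    fi

    case $minor in
        10) fixed=102 ;;
        15) fixed=25 ;;
        16) fixed=11 ;;
        *)  echo needs-update; return 0 ;;   # assumption: no fixed release named
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo needs-update; fi
}

# With no argument, report on the running kernel.
dirty_pipe_status "$@"
```

Run it with no argument on each host, or pass release strings collected from an inventory to classify a fleet offline.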
08/03/2022

Linux has been bitten by its most high-severity vulnerability in years

Lastly, an interesting read this week: Linux has been bitten by its most high-severity vulnerability in years. According to Dan Goodin, Linux has yet another high-severity vulnerability that allows untrusted users to execute code easily. The vulnerability first appeared in Linux kernel version 5.8, which was released in August 2020. Other malicious operations made possible by the vulnerability include starting a cron job that acts as a backdoor, adding a new user account to /etc/passwd and /etc/shadow, and changing a script or code used by privileged services or programs. The name “Dirty Pipe” is supposed to both allude to similarities to Dirty Cow and convey information about the new vulnerability’s origins.

APIBrief.com

A weekly dosage of API Security briefs to help you stay up-to-date.
