API Brief #3: Millions of WordPress sites get forced update to patch critical plugin flaw, Most QNAP NAS Devices Affected by Dirty Pipe Linux Flaw, OWASP Foundation and AppSec Phoenix Announce Member Benefit

First, we have an interesting read about the millions of WordPress sites that have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. Next, we have an article on the “Dirty Pipe” Linux kernel flaw, a high-severity vulnerability that grants root access to unprivileged users who have local access. QNAP said that as of yesterday, there was no mitigation available. Lastly, the OWASP Foundation and AppSec Phoenix announce a member benefit.
18/02/2022

Millions of WordPress sites get forced update to patch critical plugin flaw

This week's interesting read is "Millions of WordPress sites get forced update to patch critical plugin flaw". Dan Goodin writes that millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The flaw allows untrusted subscribers, customers, and others to download the site’s private database as long as they have an account on the vulnerable site. Databases frequently include sensitive information about customers or security settings, leaving millions of sites susceptible to serious data breaches that spill passwords, user names, IP addresses, and more. A researcher at website security firm Jetpack said he found the vulnerability during a security audit of the plugin.
15/03/2022

Most QNAP NAS Devices Affected by Dirty Pipe Linux Flaw

In the article "Most QNAP NAS Devices Affected by Dirty Pipe Linux Flaw", Lisa Vaas writes that the “Dirty Pipe” Linux kernel flaw is a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access. QNAP said that as of yesterday, there was no mitigation available for the vulnerability. The company pointed users to a full list of the affected models: its advisory said to check “Kernel Version 5.10.60” on this link. Since Android is based on the Linux kernel, any device running version 5.8 or later is also vulnerable.
15/02/2022

OWASP Foundation and AppSec Phoenix Announce Member Benefit

Finally, the OWASP Foundation and AppSec Phoenix have announced a member benefit. Lisa Jones writes that OWASP is extremely excited to announce the first new member benefit for 2022. AppSec Phoenix will make the Community Edition and scanners of their application security posture platform free for all OWASP Members! See the joint Press Release for details or watch the YouTube Video Announcement. This is the first new member benefit made free in 2022.
