Traceable AI debuts API testing product for its security platform

Traceable AI today announced the general availability of xAST, an API security testing solution, as part of its API Security Platform. The new feature set, after extensive beta testing with some of the company’s larger customers, is available for immediate use, and builds on Traceable’s existing visibility and risk analysis features.

The idea is to reduce the impact of potential API vulnerabilities early in the software development process, by making it easy to actively test an API that has made it through development but before it goes into production. Traceable uses an “in-app” approach to API testing, which means it’s observing the behavior of software while it’s actually running, as opposed to the “contract” model, which merely analyzes which behaviors an API should exhibit.

WordPress 6.0.2 Security and Maintenance Release

WordPress 6.0.2 is now available!

This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 6.0.2 is a short-cycle release. You can review a summary of the main updates in this release by reading the RC1 announcement.

The next major release will be version 6.1 planned for November 1, 2022.

If you have sites that support automatic background updates, the update process will begin automatically.

You can download WordPress 6.0.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.

For more information on this release, please visit the HelpHub site.

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

Fariskhi Vidyan for finding a possible SQL injection within the Link API.

Khalilov Moe for finding an XSS vulnerability on the Plugins screen.

John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().

Thank you to these WordPress contributors

The WordPress 6.0.2 release was led by @sergeybiryukov and @gziolo.

WordPress 6.0.2 would not have been possible without the contributions of more than 50 people. Their asynchronous coordination to deliver several enhancements and fixes into a stable release is a testament to the power and capability of the WordPress community.

Alex Concha, Andrei Draganescu, annezazu, Anton Vlasenko, Ari Stathopoulos, Ben Dwyer, Carolina Nymark, Colin Stewart, Darren Coutts, Dilip Bheda, Dion Hulse, eMKey, Fabian Kägy, George Mamadashvili, Greg Ziółkowski, huubl, ironprogrammer, Jb Audras, John Blackbourn, Jonathan Desrosiers, jonmackintosh, Jonny Harris, Kelly Choyce-Dwan, Lena Morita, Linkon Miyan, Lovro Hrust, marybaum, Nick Diego, Nik Tsekouras, Olga Gleckler, Pascal Birchler, paulkevan, Peter Wilson, Sergey Biryukov, Stephen Bernhardt, Teddy Patriarca, Timothy Jacobs, tommusrhodus, Tomoki Shimomura, Tonya Mork, webcommsat AbhaNonStopNewsUK, and zieladam.

CVE-2021-29864

IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089
