disclosure | The Blog Pros

July 26, 2022

API Security Weekly: Issue 171

This week, we have news of multiple API flaws and vulnerabilities: the parcel tracking portal at DPD that may have exposed customer data, an API vulnerability in the Apache Pulsar that allowed access data in different tenants, and an SQL injection vulnerability in Casdoor API. On the more positive side, we take a look at the emerging trends in the API industry.

Vulnerability: DPD Parcel Tracking Flaw May Have Exposed Customer Data

The big news this week was the disclosure of a vulnerability in the parcel tracking portal of DPG Group, which may have exposed customer data.

July 18, 2022

API Security Weekly: Issue 169

This week, we have details of a vulnerability in the popular WordPress plugin, WP HTML Mail, which potentially exposed 20,000 WordPress sites, and a vulnerability in TeslaMate software exposing dozens of Teslas to remote access. On more positive news, we have an introduction to vAPI, an open-source laboratory for learning API security, and an article on how to reduce API attack surfaces.

Vulnerability: WordPress Sites Exposed by Insecure REST API

This week, we have another vulnerability in a WordPress plugin: this time, the popular WP HTML Mail plugin. The vulnerability is tracked as CVE-2022-0218 with a CVSS score of 8.3, and it was discovered by Wordfence researcher Chloe Chamberland. The vulnerability may have impacted up to 20,000 WordPress installations, rendering them vulnerable as a result of the cross-site scripting (XSS) bug courtesy of an unprotected REST API endpoint in the plugin.

Packages for Store Routines in MariaDB 11.4
No categories
MariaDB 11.4 introduced many advanced features. One that grabbed my attention is the general support of packages for stored routines. Although this was previously available by activating the Oracle compatibility mode, now the feature is available gener... […]
Maintain Chat History in Generative AI Apps With Valkey
No categories
A while back I wrote up a blog post on how to use Redis as a chat history component with LangChain. Since LangChain already had Redis chat history available as a component, it was quite convenient to write a client application. But, that's not the same... […]
Knowledge Graph Enlightenment, AI, and RAG
No categories
In the previous edition of the YotG newsletter, the wave of Generative AI hype was probably at its all-time high. Today, while Generative AI is still talked about and trialed, the hype is subsiding. Skepticism is settling in, and for good reason. Repor... […]
Building an Effective Zero Trust Security Strategy for End-To-End Cyber Risk Management
No categories
You've probably heard a lot about zero-trust security lately, and for good reason. As we move more of our applications and data to the cloud, the traditional castle-and-moat approach to security just doesn't cut it anymore. This makes me come... […]
Phased Approach to Data Warehouse Modernization
No categories
A modernized database will help you focus on building innovative solutions rather than investing your time and effort in managing these legacy systems. Based on the scale of your existing data warehouse processes or jobs, it can be an enormous task to ... […]