WordPress 5.8.1 Security and Maintenance Release

WordPress 5.8.1 was released earlier this evening.

This security and maintenance release features 60 bug fixes in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated.

WordPress 5.8.1 is a short-cycle security and maintenance release. The next major release will be version 5.9.

Three security issues affect WordPress versions between 5.4 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 5.4 have also been updated to fix these security issues.

Full details at https://wordpress.org/news/2021/09/wordpress-5-8-1-security-and-maintenance-release/

Apple Delays Plans to Scan Devices for Child Abuse Images After Privacy Backlash

Apple is temporarily hitting the pause button on its controversial plans to screen users’ devices for child sexual abuse material (CSAM) after receiving sustained blowback over worries that the tool could be weaponized for mass surveillance and erode the privacy of users.

“Based on feedback from customers, advocacy groups, researchers, and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” the iPhone maker said in a statement on its website.

The announcement, however, doesn’t make clear what kind of input it would be gathering, the nature of the changes it aims to devise, or how it intends to implement the system in a way that mitigates the privacy and security concerns that could arise once it’s deployed.

The changes were originally slated to go live with iOS 15 and macOS Monterey later this year, starting with the U.S.

Full article: https://thehackernews.com/2021/09/apple-delays-plans-to-scan-devices-for.html

Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities

Two vulnerabilities were discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed on over 1 million WordPress sites. One vulnerability allowed users with lower permissions, such as contributors, to install and activate arbitrary plugins and delete any post or page via the REST API. A second vulnerability allowed unauthenticated attackers to access potentially sensitive information about a site’s configuration.

A patched version of the plugin, 4.2.13, was released on August 11, 2021.

Source: https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities

US govt warns orgs to patch massively exploited Confluence bug

US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately.

“Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate,” said Cyber National Mission Force (CNMF).

The USCYBERCOM unit also stressed the importance of patching vulnerable Confluence servers as soon as possible: “Please patch immediately if you haven’t already— this cannot wait until after the weekend.”

This warning comes after Deputy National Security Advisor Anne Neuberger encouraged organizations “to be on guard for malicious cyberactivity in advance of the holiday weekend” during a Thursday White House press briefing.

It’s the second alert of this kind in the last 12 months; the previous one (from June) warned that CISA was aware that threat actors might attempt to exploit a remote code execution vulnerability affecting all vCenter Server installs.

CISA also urged users and admins today to immediately apply the Confluence security updates recently issued by Atlassian.

Original article: https://www.bleepingcomputer.com/news/security/us-govt-warns-orgs-to-patch-massively-exploited-confluence-bug/amp/