Apache

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Jun 6, 2024 by iHash Leave a Comment

Jun 06, 2024NewsroomBotnet / DDoS Attack The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize … [Read more...] about Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Apr 23, 2024 by iHash Leave a Comment

Apr 23, 2024NewsroomSupply Chain Attack / Application Security Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a … [Read more...] about Apache Cordova App Harness Targeted in Dependency Confusion Attack

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Jan 11, 2024 by iHash Leave a Comment

Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe … [Read more...] about New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

Dec 29, 2021 by iHash Leave a Comment

The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a … [Read more...] about New Apache Log4j Update Released to Patch Newly Discovered Vulnerability

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

Dec 18, 2021 by iHash Leave a Comment

The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 … [Read more...] about Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

How to Respond to Apache Log4j using Cisco Secure Analytics

Dec 18, 2021 by iHash Leave a Comment

IT and Security professionals worldwide are working to assess and mitigate their exposure to Apache Log4j vulnerability (CVE-2021-44228). The following guide has been put together for current Secure Network Analytics and Secure Cloud Analytics customers, providing suggested ways to leverage your deployment to assist in your detection and response efforts. To learn more about … [Read more...] about How to Respond to Apache Log4j using Cisco Secure Analytics

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Dec 13, 2021 by iHash Leave a Comment

Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo … [Read more...] about Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Log4Shell: critical vulnerability in Apache Log4j

Dec 12, 2021 by iHash Leave a Comment

Various information security news outlets reported on the discovery of critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). Millions of Java applications use this library to log error messages. To make matters worse, attackers are already actively exploiting this vulnerability. For this reason, the Apache Foundation recommends … [Read more...] about Log4Shell: critical vulnerability in Apache Log4j

New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

Oct 8, 2021 by iHash Leave a Comment

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache … [Read more...] about New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

Oct 7, 2021 by iHash Leave a Comment

Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These … [Read more...] about Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54