Jun 06, 2024NewsroomBotnet / DDoS Attack The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale. "Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize … [Read more...] about Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
Apache
Apache Cordova App Harness Targeted in Dependency Confusion Attack
Apr 23, 2024NewsroomSupply Chain Attack / Application Security Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a … [Read more...] about Apache Cordova App Harness Targeted in Dependency Confusion Attack
New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
Jan 11, 2024NewsroomVulnerability / Cyber Attack Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe … [Read more...] about New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
The Apache Software Foundation (ASF) on Tuesday rolled out fresh patches to contain an arbitrary code execution flaw in Log4j that could be abused by threat actors to run malicious code on affected systems, making it the fifth security shortcoming to be discovered in the tool in the span of a month. Tracked as CVE-2021-44832, the vulnerability is rated 6.6 in severity on a … [Read more...] about New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability
The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of the tool from 2.0-beta9 … [Read more...] about Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability
How to Respond to Apache Log4j using Cisco Secure Analytics
IT and Security professionals worldwide are working to assess and mitigate their exposure to Apache Log4j vulnerability (CVE-2021-44228). The following guide has been put together for current Secure Network Analytics and Secure Cloud Analytics customers, providing suggested ways to leverage your deployment to assist in your detection and response efforts. To learn more about … [Read more...] about How to Respond to Apache Log4j using Cisco Secure Analytics
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
Threat actors are actively weaponizing unpatched servers affected by the newly identified "Log4Shell" vulnerability in Log4j to install cryptocurrency miners, Cobalt Strike, and recruit the devices into a botnet, even as telemetry signs point to exploitation of the flaw nine days before it even came to light. Netlab, the networking security division of Chinese tech giant Qihoo … [Read more...] about Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
Log4Shell: critical vulnerability in Apache Log4j
Various information security news outlets reported on the discovery of critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). Millions of Java applications use this library to log error messages. To make matters worse, attackers are already actively exploiting this vulnerability. For this reason, the Apache Foundation recommends … [Read more...] about Log4Shell: critical vulnerability in Apache Log4j
New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache … [Read more...] about New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks
Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web Services (AWS), Binance, Google Cloud Platform (GCP), PayPal, Slack, and Stripe. "These … [Read more...] about Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services