Found 17 bookmarks
Custom sorting
Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
A notorious hacker has announced the theft of data from an improperly protected server allegedly belonging to Deloitte. The hacker known as IntelBroker announced late last week on the BreachForums cybercrime forum the availability of “internal communications” obtained from Deloitte, specifically an internet-exposed Apache Solr server that was accessible with default credentials.
#securityweek#EN#2024#Deloitte#IntelBroker#data-breach#exposed#Apache#Solr
·securityweek.com·
Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
  • In collaboration with renowned security researcher Orange Tsai and DEVCORE, Akamai researchers have issued early-release remediations to Apache CVEs for our Akamai App & API Protector customers. Tsai presented his research at Black Hat USA 2024 and outlined the details for many Apache HTTP Server (httpd) vulnerabilities that were recently patched. Before his Black Hat presentation, the Akamai Security Intelligence Group (SIG) proactively contacted Tsai to facilitate the sharing of technique details for proactive defense for our customers. * App & API Protector customers who are in automatic mode have existing and updated protections.
#akamai#OrangeTsai#EN#2024#DEVCORE#vulnerabilities#Apache#httpd#CVE-2024-38475#CVE-2024-38472#CVE-2024-39573#CVE-2024-38477
·akamai.com·
Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
7 December 2023 - Apache Struts version 6.3.0.2 General Availability The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade. The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.
#apache.org#EN#2023#CVE-2023-50164#Apache#Struts#annonce#Vulnerability
·struts.apache.org·
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
Cyber experts and officials raise alarms about exploits against Citrix and Apache productsoited vulnerability (KEV) list.
Cyber experts and officials raise alarms about exploits against Citrix and Apache productsoited vulnerability (KEV) list.
Several new vulnerabilities with critical severity scores are causing alarm among experts and cyber officials. Zero-day bugs affecting products from Citrix and Apache have recently been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerability (KEV) list. Incident responders at the cybersecurity company Rapid7 warned of hackers connected to the HelloKitty ransomware exploiting a vulnerability affecting Apache ActiveMQ, classified as CVE-2023-46604. Apache ActiveMQ is a Java-language open source message broker that facilitates communication between servers.
#therecord#EN#2023#CVE-2023-46604#Apache#ActiveMQ#Citrix
·therecord.media·
Cyber experts and officials raise alarms about exploits against Citrix and Apache productsoited vulnerability (KEV) list.
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
Recently, Apache MINA fixed an unsafe deserialization vulnerability. The bug exists in the class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider, an attacker could exploit this vulnerability to deserialize and thus achieve remote code execution. Track as CVE-2022-45047, the flaw severity is important.
#securityonline#EN#2022#CVE-2022-4504#Apache#MINA#SSHD#unsafe#deserialization
·securityonline.info·
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
#thehackernews#EN#2022#bug#Apache#Cassandra#CVE-2021-44521
·thehackernews.com·
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
Recently, Apache MINA fixed an unsafe deserialization vulnerability. The bug exists in the class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider, an attacker could exploit this vulnerability to deserialize and thus achieve remote code execution. Track as CVE-2022-45047, the flaw severity is important.
#securityonline#EN#2022#CVE-2022-4504#Apache#MINA#SSHD#unsafe#deserialization
·securityonline.info·
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
#thehackernews#EN#2022#bug#Apache#Cassandra#CVE-2021-44521
·thehackernews.com·
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
#thehackernews#EN#2022#bug#Apache#Cassandra#CVE-2021-44521
·thehackernews.com·
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software