Tag: apache
-
Python administrator moves to improve software security
in SecurityNews
The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to identify and stop malware-laced packages from proliferating across the open-source community that contributes and consumes Python software. As previously reported, hijacking Python…
-
AWS declares it’s Iceberg all the way until customers say otherwise
in SecurityNews
Cloud giant explains its thinking behind support for Apache open table format. First seen on theregister.com Jump to article: www.theregister.com/2025/01/20/aws_iceberg_support/
-
Apache CXF Vulnerability Triggers DoS Attack
in SecurityNews
Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services. This issue, documented as CVE-2025-23184, poses a significant risk as it can lead to a Denial of Service (DoS) attack due to improper handling of temporary files. The vulnerability has been confirmed in specific versions…
-
The biggest data breach fines, penalties, and settlements so far
in SecurityNews
Tags: access, apache, attack, breach, business, china, ciso, communications, compliance, control, credentials, credit-card, cyberattack, cybercrime, cybersecurity, data, data-breach, email, finance, flaw, framework, GDPR, google, hacker, Hardware, identity, Internet, law, leak, linkedin, microsoft, mobile, monitoring, network, office, phone, privacy, regulation, risk, service, software, technology, tool, training, update, vulnerability
Sizable fines assessed for data breaches in recent years suggest that regulators are getting more serious about cracking down on organizations that don’t properly protect consumer data. Hit with a $1.3 billion fine for unlawfully transferring personal data from the European Union to the US, Meta tops the list of recent big-ticket sanctions, with one…
-
Azure compromise possible with Apache Airflow vulnerabilities
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/azure-compromise-possible-with-apache-airflow-vulnerabilities
-
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
in SecurityNews
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. “Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
First seen on thehackernews.com…
-
Critical Apache Vulnerabilities: Update Now to Avoid Major Risks
in SecurityNews
The Cyber Security Agency of Singapore has issued a warning about several critical vulnerabilities found in Apache software products. The Apache Software Foundation has rolled out security patches addressing these vulnerabilities, which could pose risks to users and organizations relying on these tools. Among the affected vulnerabilities are CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. First seen on…
-
Researchers warn of active exploitation of critical Apache Struts 2 flaw
in SecurityNews
Exploitation activity was observed about a week after the CVE was disclosed. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/active-exploitation-apache-struts-2-flaw/736199/
-
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
in SecurityNews
Tags: apache, cve, cvss, flaw, framework, network, rce, remote-code-execution, software, vulnerability
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. “The ObjectSerializationDecoder in Apache MINA uses Java’s
First…
-
Apache fixes Traffic Control bug that attackers could exploit
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/apache-fixes-traffic-control-bug-that-attackers-could-exploit
-
Breach Roundup: Cyberattack Disrupts Japan Airlines
in SecurityNews
Also, US Court Rules NSO Group Violated Hacking Laws With Pegasus Spyware. This week, cyberattack disrupts Japan Airlines, U.S. court rules NSO Group violated hacking laws, the European Space Agency’s web store hacked, FTC orders Marriott to overhaul data security, Sophos patches critical firewall flaws and Apache fixes critical SQL injection in Traffic Control. First…
-
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-warns-of-critical-flaws-in-mina-hugegraph-traffic-control/
-
Apache fixed a critical SQL Injection in Apache Traffic Control
in SecurityNews
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. The Apache Software Foundation (ASF) released security updates to address a critical security vulnerability, tracked as CVE-2024-45387 (CVSS score 9.9), in Traffic Control. Traffic Control allows operators to set up a Content Delivery Network to quickly and efficiently deliver content…
-
Apache Auth-Bypass Vulnerability Lets Attackers Gain Control Over HugeGraph-Server
in SecurityNews
The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache HugeGraph-Server. The flaw, identified as CVE-2024-43441, could potentially allow authentication bypass due to an issue with assumed-immutable data in JWT tokens. The vulnerability impacts versions 1.0 to 1.3 of Apache HugeGraph-Server, prior to the release of version 1.5.0. Users running…
-
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS, Patch Now
in SecurityNews
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. “An SQL…
-
Apache Foundation fixed a severe Tomcat vulnerability
in SecurityNews
The Apache Software Foundation fixed a Tomcat server software flaw that could lead to remote code execution under certain conditions. The Apache Software Foundation (ASF) addressed an important vulnerability, tracked as CVE-2024-56337, in its Tomcat server software. The researchers warn that exploiting this vulnerability could result in remote code execution under certain conditions. Apache Tomcat…
-
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
in SecurityNews
Tags: apache, attack, cve, flaw, mitigation, rce, remote-code-execution, software, update, vulnerability
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product…
-
Apache fixes remote code execution bypass in Tomcat web server
in SecurityNews
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-fixes-remote-code-execution-bypass-in-tomcat-web-server/
-
Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2
in SecurityNews
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn’t enough to fix it. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/actively-exploited-bug-struts-2
-
Breach Roundup: US Seeks Extradition of Alleged LockBit Coder
in SecurityNews
Also: Interpol Says ‘Pig Butchering’ Shames Victims, A Data Leak Scandal in Mexico. This week, U.S. asks Israel to extradite an alleged LockBit coder, don’t say pig butchering, and an Apache Struts flaw. A hunt for alleged data thieves in Mexico, Europe probes TikTok and Netflix fined 4.75 million. A ransomware attack against Texas medical…
-
CVE-2024-50379: A Critical Race Condition in Apache Tomcat
in SecurityNews
An Apache Tomcat web server vulnerability has been published, exposing the platform to remote code execution through a race condition failure. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/cve-2024-50379-a-critical-race-condition-in-apache-tomcat/
-
Apache Tomcat Conditional Competition Code Execution Vulnerability (CVE-2024-50379)
in SecurityNews
Overview: Recently, NSFOCUS CERT detected that Apache issued a security announcement, fixing the Apache Tomcat conditional competition code execution vulnerability (CVE-2024-50379). Due to the inconsistency between Windows file system and Tomcat in case-distinguishing processing of paths, when the write function of default servlet is enabled (set readonly=false and allow PUT method), unauthenticated attackers can construct…The…
-
Java web framework: Upload flaw becomes a critical security vulnerability in Apache Struts
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/-apache-struts-update-sicherheitsluecke-cyberangriffe-vermeidung-a-b065b1855e7fa826f76896bc115a878f/
-
Vulnerabilities in Azure Data Factory Open Door to Attacks
in SecurityNews
Azure Data Factory’s Apache Airflow Integration Flaw Can Expose Cloud Environments. Security researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data. First seen on govinfosecurity.com Jump…
-
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677
in SecurityNews
Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. “An attacker can…
-
Exploitation of Recent Critical Apache Struts 2 Flaw Begins
in SecurityNews
Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). The post Exploitation of Recent Critical Apache Struts 2 Flaw Begins appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
-
Patch now! Attackers are exploiting a critical security vulnerability in Apache Struts
in SecurityNews
The upload function of Apache Struts is flawed, and attackers can upload malicious code. Security researchers warn of attacks. First seen on heise.de Jump to article: www.heise.de/news/Jetzt-patchen-Angreifer-nutzen-kritische-Sicherheitsluecke-in-Apache-Struts-aus-10212840.html
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
in SecurityNews
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
-
Critical security hole in Apache Struts under exploit
in SecurityNews
You applied the patch that could stop possible RCE attacks last week, right? First seen on theregister.com Jump to article: www.theregister.com/2024/12/17/critical_rce_apache_struts/