Tag: apache
-
Apache Cordova App Harness Targeted in Dependency Confusion Attack
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness.Dependency confusion … First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html
-
Multiple Apache HTTP Server Vulnerabilities Fixed in Ubuntu
The Ubuntu security team recently addressed several Apache HTTP Server vulnerabilities in Ubuntu 23.10, Ubuntu 23.04, Ubuntu 22.04 LTS, Ubuntu 20.04 L… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/multiple-apache-http-server-vulnerabilities-fixed-in-ubuntu/
-
Dependency confusion vulnerability impacts archived Apache project
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/dependency-confusion-vulnerability-impacts-archived-apache-project
-
Dependency Confusion Vulnerability Found in Apache Project
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dependency-confusion-flaw-found/
-
Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code
Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool. This flaw, if exploited, could … First seen on gbhackers.com Jump to article: gbhackers.com/critical-apache-hugegraph-flaw/
-
AWS fixes ‘FlowFixation’ vulnerability for account hijacking
A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enab… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366574976/AWS-fixes-FlowFixation-vulnerability-for-account-hijacking
-
AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflo… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html
-
Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk
A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of t… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
-
One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel
Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named >>F… First seen on gbhackers.com Jump to article: gbhackers.com/one-click-aws-vulnerability/
-
AWS fixes 1-click Apache Airflow session hijack flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/aws-fixes-1-click-apache-airflow-session-hijack-flaw
-
Vulnerability Allowed Takeover of AWS Apache Airflow Service
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack. The post hes … First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-allowed-one-click-takeover-of-aws-service-accounts/
-
1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk
A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of t… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
-
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack. The post hes … First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-allowed-one-click-takeover-of-aws-service-accounts/
-
Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence
Spinning YARN cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cloud-y-linux-malware-rains-apache-docker-redis-confluence
-
Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-malware-targets-docker/
-
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part … First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html
-
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-docker-hadoop-redis-confluence-with-new-golang-malware/
-
Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-target-max-severity-apache-activemq-bug-to-drop-ransomware
-
New DDoS malware Attacking Apache big-data stack, Hadoop, Druid Servers
Concerning a development for organizations leveraging Apache’s big-data solutions, a new variant of the Lucifer DDoS botnet malware targeting Apache H… First seen on gbhackers.com Jump to article: gbhackers.com/ddos-malware-attacking-apache-servers/
-
‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase, portending fire and brims… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/lucifer-botnet-heat-apache-hadoop-servers
-
VulnRecap 1/29/24 Apple, Apache VMware Under Attack
First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-january-29-2024/
-
Tenable warnt vor Ausnutzung einer Stored XSS-Schwachstelle
Unternehmen sollten Maßnahmen in Bezug auf bereits bereitgestellte Apache-Airflow-Instanzen in ihren AWS- oder GCP-verwalteten Diensten ergreifen, da … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tenable-warnt-vor-ausnutzung-einer-stored-xss-schwachstelle/a35685/
-
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around th… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/apache-erp-0day-underscores-dangers-of-incomplete-patches
-
Apache Tomcat Multiple Critical Vulnerabilities
Some;critical;vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions … First seen on http: Jump to article: thehackernews.com/2012/12/apache-tomcat-multiple-critical.html
-
DIY mass iFrame injecting Apache module sold online
Tags: apacheFirst seen on http: Jump to article: net-security.org/malware_news.php
-
Apache Server-Status Publicly Viewable on Top Sites
Tags: apacheA va… First seen on http: Jump to article: threatpost.com/en_us/blogs/apple-patches-kernel-passcode-lock-and-webkit-flaws-ios-601-110212
-
Apache Server Status Pages Put Popular Websites At Risk
First seen on http: Jump to article: packetstormsecurity.org/news/view/21690/Apache-Server-Status-Pages-Put-Popular-Websites-At-Risk.html
-
Misconfigured Apache sites expose user passwords, other private data: More than 2,000 websitesâ€â€some operated by …
First seen on http: Jump to article: bit.ly/Vg5RRd
-
Researchers found Apache Server-Status Enabled Security Vulnerability in Popular sites
Researchers found;Apache Server-Status Enabled on some popular site like;php.net , cisco, nba.com, Cloudflare, Metacafe, Ford, yellow.com, and others…. First seen on http: Jump to article: thehackernews.com/2012/10/researchers-found-apache-server-status.html