Tag: apache
-
AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflo… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html
-
Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk
A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of t… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
-
One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel
Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named >>F… First seen on gbhackers.com Jump to article: gbhackers.com/one-click-aws-vulnerability/
-
AWS fixes 1-click Apache Airflow session hijack flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/aws-fixes-1-click-apache-airflow-session-hijack-flaw
-
Vulnerability Allowed Takeover of AWS Apache Airflow Service
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack. The post hes … First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-allowed-one-click-takeover-of-aws-service-accounts/
-
1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk
A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of t… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
-
Vulnerability Allowed One-Click Takeover of AWS Service Accounts
AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack. The post hes … First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-allowed-one-click-takeover-of-aws-service-accounts/
-
Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence
Spinning YARN cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cloud-y-linux-malware-rains-apache-docker-redis-confluence
-
Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-malware-targets-docker/
-
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part … First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html
-
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-docker-hadoop-redis-confluence-with-new-golang-malware/
-
Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-target-max-severity-apache-activemq-bug-to-drop-ransomware
-
New DDoS malware Attacking Apache big-data stack, Hadoop, Druid Servers
Concerning a development for organizations leveraging Apache’s big-data solutions, a new variant of the Lucifer DDoS botnet malware targeting Apache H… First seen on gbhackers.com Jump to article: gbhackers.com/ddos-malware-attacking-apache-servers/
-
‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase, portending fire and brims… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/lucifer-botnet-heat-apache-hadoop-servers
-
VulnRecap 1/29/24 Apple, Apache VMware Under Attack
First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-january-29-2024/
-
Tenable warnt vor Ausnutzung einer Stored XSS-Schwachstelle
Unternehmen sollten Maßnahmen in Bezug auf bereits bereitgestellte Apache-Airflow-Instanzen in ihren AWS- oder GCP-verwalteten Diensten ergreifen, da … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tenable-warnt-vor-ausnutzung-einer-stored-xss-schwachstelle/a35685/
-
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around th… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/apache-erp-0day-underscores-dangers-of-incomplete-patches
-
Apache Tomcat Multiple Critical Vulnerabilities
Some;critical;vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions … First seen on http: Jump to article: thehackernews.com/2012/12/apache-tomcat-multiple-critical.html
-
DIY mass iFrame injecting Apache module sold online
Tags: apacheFirst seen on http: Jump to article: net-security.org/malware_news.php
-
Apache Server-Status Publicly Viewable on Top Sites
Tags: apacheA va… First seen on http: Jump to article: threatpost.com/en_us/blogs/apple-patches-kernel-passcode-lock-and-webkit-flaws-ios-601-110212
-
Apache Server Status Pages Put Popular Websites At Risk
First seen on http: Jump to article: packetstormsecurity.org/news/view/21690/Apache-Server-Status-Pages-Put-Popular-Websites-At-Risk.html
-
Misconfigured Apache sites expose user passwords, other private data: More than 2,000 websitesâ€â€some operated by …
First seen on http: Jump to article: bit.ly/Vg5RRd
-
Researchers found Apache Server-Status Enabled Security Vulnerability in Popular sites
Researchers found;Apache Server-Status Enabled on some popular site like;php.net , cisco, nba.com, Cloudflare, Metacafe, Ford, yellow.com, and others…. First seen on http: Jump to article: thehackernews.com/2012/10/researchers-found-apache-server-status.html
-
[Video] Load Balancing Apache Server
Tags: apacheIn this video you will learn how to setup Load Balancing on Apache server. In this video he is explaining how this Load Balancing works on two apache … First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/l3hDoKJ7nVw/5990
-
[Video] keimpx — New Open Source SMB Credential Scanner in Backtrack 5 R3
keimpx is an open source tool, released under a modified version of Apache License 1.1. It can be used to quickly check for the usefulness of credenti… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/iajgGbNVfXQ/5933
-
[Video] FIMAP Tool – local and remote file inclusion with BackBox Linux
LFI ATTACK WITH FIMAP, target DVWA, arm BACKBOX LINUX.First you need to install DVWA*, then run Apache server (comes with BackBox Linux), then read ho… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/FjZmFVhhBlc/5760
-
[Video] Blackhat 2010 – mod_antimalware: a novel apache module for containing web-based malware
mod_antimalware: a novel apache module for containing web-based malware infectionsDrive-by downloads planted on legitimate sites (e.g., via structural… First seen on http: Jump to article: feedproxy.google.com/~r/SecurityTube/~3/l9P3Ei930WQ/5356