Collecting Cyber-News from over 60 sources

Tag: apache

Top 5 CVEs and Vulnerabilities of May 2024

Jun 3, 2024 8:04 PM

Tags: apache, cve, gitlab, software, vulnerability

May brought a fresh batch of security headaches. This month, we’re focusing on critical vulnerabilities in widely used software like Apache, Gitlab, a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/06/top-5-cves-and-vulnerabilities-of-may-2024/
Three-Year-Old Apache Flink Flaw Under Active Attack

May 31, 2024 5:03 PM

Tags: apache, attack, flaw

First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/35922/Three-Year-Old-Apache-Flink-Flaw-Under-Active-Attack.html
CISA adds years-old Apache Flink bug to KEV catalog

May 28, 2024 10:20 PM

Tags: apache, cisa, kev

First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/cisa-adds-years-old-apache-flink-bug-to-kev-catalog
Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

May 28, 2024 12:20 PM

Tags: apache, attack, cloud, malware, vulnerability

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infras… First seen on gbhackers.com Jump to article: gbhackers.com/kinsing-malware-attacks-apache-tomcat-vulnerabilities/
CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

May 27, 2024 2:20 PM

Tags: access, apache, cisa, control, cybersecurity, exploit, flaw, kev, vulnerability

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure… First seen on securityaffairs.com Jump to article: securityaffairs.com/163635/security/cisa-apache-flink-flaw-known-exploited-vulnerabilities-catalog.html
Kinsing Malware Attacking Apache Tomcat Servers To Deploy Cryptominers

May 21, 2024 11:43 AM

Tags: apache, backdoor, cloud, exploit, linux, malware, vulnerability

Kinsing malware, known for exploiting vulnerabilities on Linux cloud servers to deploy backdoors and cryptominers, has recently expanded its target to… First seen on gbhackers.com Jump to article: gbhackers.com/kinsing-malware-apache-tomcat-servers/
Apache OFBiz RCE Flaw Let Attackers Execute Malicious Code Remotely

May 14, 2024 9:19 AM

Tags: apache, flaw, malicious, rce, remote-code-execution

Many businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that l… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-flaw/
ApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions

May 6, 2024 3:40 PM

Tags: apache, authentication, flaw, open-source, tool, unauthorized

Apache ActiveMQ is a Java based communication management tool for communicating with multiple components in a server. It is an open-source widely used… First seen on gbhackers.com Jump to article: gbhackers.com/apachemq-authentication-flaw/
Apache Cordova App Harness Targeted in Dependency Confusion Attack

May 6, 2024 1:41 PM

Tags: apache, attack, vulnerability

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness.Dependency confusion … First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html
Multiple Apache HTTP Server Vulnerabilities Fixed in Ubuntu

Apr 30, 2024 7:40 PM

Tags: apache, vulnerability

The Ubuntu security team recently addressed several Apache HTTP Server vulnerabilities in Ubuntu 23.10, Ubuntu 23.04, Ubuntu 22.04 LTS, Ubuntu 20.04 L… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/multiple-apache-http-server-vulnerabilities-fixed-in-ubuntu/
Dependency confusion vulnerability impacts archived Apache project

Apr 26, 2024 10:40 PM

Tags: apache, vulnerability

First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/dependency-confusion-vulnerability-impacts-archived-apache-project
Dependency Confusion Vulnerability Found in Apache Project

Apr 24, 2024 1:38 AM

Tags: apache, vulnerability

First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dependency-confusion-flaw-found/
Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code

Apr 24, 2024 1:38 AM

Tags: apache, exploit, flaw, open-source, vulnerability

Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool. This flaw, if exploited, could … First seen on gbhackers.com Jump to article: gbhackers.com/critical-apache-hugegraph-flaw/
AWS fixes ‘FlowFixation’ vulnerability for account hijacking

Apr 22, 2024 3:38 PM

Tags: apache, flaw, vulnerability

A Tenable researcher discovered a session fixation flaw in AWS Managed Workflows for Apache Airflow that, combined with a misconfiguration, could enab… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366574976/AWS-fixes-FlowFixation-vulnerability-for-account-hijacking
AWS Patches Critical ‘FlowFixation’ Bug in Airflow Service to Prevent Session Hijacking

Apr 4, 2024 6:36 AM

Tags: apache, cybersecurity, service, vulnerability

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflo… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/aws-patches-critical-flowfixation-bug.html
Session Takeover Bug in AWS Apache Airflow Reveals Larger Cloud Risk

Mar 27, 2024 2:37 AM

Tags: apache, cloud, data-breach, risk, service

A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of t… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
One-Click AWS Vulnerability Let Attackers Takeover User’s Web Management Panel

Mar 25, 2024 1:17 PM

Tags: apache, service, vulnerability

Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named >>F… First seen on gbhackers.com Jump to article: gbhackers.com/one-click-aws-vulnerability/
AWS fixes 1-click Apache Airflow session hijack flaw

Mar 23, 2024 8:16 PM

Tags: apache, flaw

First seen on scmagazine.com Jump to article: www.scmagazine.com/news/aws-fixes-1-click-apache-airflow-session-hijack-flaw
Vulnerability Allowed Takeover of AWS Apache Airflow Service

Mar 22, 2024 7:03 AM

Tags: apache, service, vulnerability

AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack. The post hes … First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-allowed-one-click-takeover-of-aws-service-accounts/
1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk

Mar 21, 2024 8:03 PM

Tags: apache, data-breach, risk, service

A bug exposed users of an AWS workflow management service to cookie tossing, but behind the scenes lies an even deeper issue that runs across all of t… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/1-click-takeover-bug-aws-apache-airflow-risk
Vulnerability Allowed One-Click Takeover of AWS Service Accounts

Mar 21, 2024 3:35 PM

Tags: apache, service, vulnerability

AWS patches vulnerability that could have been used to hijack Managed Workflows Apache Airflow (MWAA) sessions via FlowFixation attack. The post hes … First seen on securityweek.com Jump to article: www.securityweek.com/vulnerability-allowed-one-click-takeover-of-aws-service-accounts/
Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence

Mar 7, 2024 1:13 AM

Tags: apache, cloud, docker, exploit, linux, malware

Spinning YARN cyberattackers wielding a Linux webshell are positioning for broader cloud compromise by exploiting common misconfigurations and a known… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cloud-y-linux-malware-rains-apache-docker-redis-confluence
Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence

Mar 6, 2024 6:14 PM

Tags: apache, docker, linux, malware

First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-malware-targets-docker/
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Mar 6, 2024 6:14 PM

Tags: apache, crypto, docker, exploit, hacker, service, threat, vulnerability

Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part … First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Mar 6, 2024 1:13 PM

Tags: apache, docker, hacker, malware

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-target-docker-hadoop-redis-confluence-with-new-golang-malware/
Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware

Mar 4, 2024 11:42 AM

Tags: apache, ransomware

First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-target-max-severity-apache-activemq-bug-to-drop-ransomware
New DDoS malware Attacking Apache big-data stack, Hadoop, Druid Servers

Feb 26, 2024 9:39 AM

Tags: apache, botnet, data, ddos, malware

Concerning a development for organizations leveraging Apache’s big-data solutions, a new variant of the Lucifer DDoS botnet malware targeting Apache H… First seen on gbhackers.com Jump to article: gbhackers.com/ddos-malware-attacking-apache-servers/
‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers

Feb 24, 2024 12:39 PM

Tags: apache, attack, botnet

More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase, portending fire and brims… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/lucifer-botnet-heat-apache-hadoop-servers
VulnRecap 1/29/24 Apple, Apache VMware Under Attack

Feb 12, 2024 5:53 PM

Tags: apache, apple, attack, vmware

First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/vulnerability-recap-january-29-2024/
Tenable warnt vor Ausnutzung einer Stored XSS-Schwachstelle

Feb 12, 2024 1:46 AM

Tags: apache, vulnerability, xss

Unternehmen sollten Maßnahmen in Bezug auf bereits bereitgestellte Apache-Airflow-Instanzen in ihren AWS- oder GCP-verwalteten Diensten ergreifen, da … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tenable-warnt-vor-ausnutzung-einer-stored-xss-schwachstelle/a35685/