Tag: apache

Vulnerabilities in Azure Data Factory Open Door to Attacks

Dec 18, 2024 10:42 PM

Tags: apache, attack, cloud, data, flaw, hacker, malware, microsoft, vulnerability

Azure Data Factory’s Apache Airflow Integration Flaw Can Expose Cloud Environments. Security researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data. First seen on govinfosecurity.com Jump…
Threat actors are attempting to exploit Apache Struts vulnerability CVE-2024-53677

Dec 18, 2024 10:42 PM

Tags: apache, cve, exploit, malicious, threat, vulnerability

Researchers warn that threat actors are attempting to exploit a recently disclosed Apache Struts vulnerability CVE-2024-53677. Researchers warn that threat actors are attempting to exploit the vulnerability CVE-2024-53677 (CVSS score of 9.5) in Apache Struts. A remote attacker could exploit this vulnerability to upload malicious files, potentially leading to arbitrary code execution. >>An attacker can…
Exploitation of Recent Critical Apache Struts 2 Flaw Begins

Dec 18, 2024 12:42 PM

Tags: apache, attack, exploit, flaw, malicious, remote-code-execution, vulnerability

Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). The post Exploitation of Recent Critical Apache Struts 2 Flaw Begins appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
Jetzt patchen! Angreifer nutzen kritische Sicherheitslücke in Apache Struts aus

Dec 18, 2024 11:42 AM

Tags: apache, bug, exploit

Die Uploadfunktion von Apache Struts ist fehlerhaft und Angreifer können Schadcode hochladen. Sicherheitsforscher warnen vor Attacken. First seen on heise.de Jump to article: www.heise.de/news/Jetzt-patchen-Angreifer-nutzen-kritische-Sicherheitsluecke-in-Apache-Struts-aus-10212840.html
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access

Dec 18, 2024 10:42 AM

Tags: access, apache, breach, control, cyber, data, exploit, flaw, microsoft, service, unauthorized, vulnerability

Researchers have uncovered vulnerabilities in Microsoft Azure Data Factory’s integration with Apache Airflow, which could potentially allow attackers to gain unauthorized access and control over critical Azure resources. By exploiting these vulnerabilities, attackers could compromise the integrity of the Azure environment, potentially leading to data breaches, service disruptions, and other severe consequences. The identified vulnerabilities…
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Dec 18, 2024 7:42 AM

Tags: apache, cve, cvss, exploit, flaw, threat, update, vulnerability

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
Critical security hole in Apache Struts under exploit

Dec 17, 2024 11:42 PM

Tags: apache, attack, exploit, rce, remote-code-execution, update

You applied the patch that could stop possible RCE attacks last week, right? First seen on theregister.com Jump to article: www.theregister.com/2024/12/17/critical_rce_apache_struts/
New critical Apache Struts flaw exploited to find vulnerable servers

Dec 17, 2024 7:42 PM

Tags: apache, cve, exploit, flaw, vulnerability

A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
Azure Data Factory Bugs Expose Cloud Infrastructure

Dec 17, 2024 7:42 PM

Tags: access, apache, cloud, control, data, infrastructure, service, vulnerability

Three vulnerabilities in the service’s Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/azure-data-factory-bugs-expose-cloud-infrastructure
Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677)

Dec 16, 2024 2:42 PM

Tags: apache, cve, cyber, malicious, network, vulnerability

Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS…The…
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads

Dec 16, 2024 1:42 PM

Tags: apache, cve, cvss, cyber, exploit, framework, hacker, malicious, open-source, vulnerability

Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability Apache Struts2 announced the vulnerability last week, highlighting…
Apache issues patches for critical Struts 2 RCE bug

Dec 12, 2024 3:05 PM

Tags: apache, rce, remote-code-execution

More details released after devs allowed weeks to apply fixes First seen on theregister.com Jump to article: www.theregister.com/2024/12/12/apache_struts_2_vuln/
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners

Dec 10, 2024 9:07 AM

Tags: apache, cyber, exploit, malicious, ransomware, remote-code-execution, vulnerability

The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute arbitrary code on the vulnerable server, leading to potential system compromise, which has been actively…
Mitel MiCollab VoIP authentication bypass opens new attack paths

Dec 5, 2024 10:48 PM

Tags: access, advisory, apache, apt, attack, authentication, cve, exploit, flaw, injection, linux, phone, software, sql, unauthorized, update, voip, vulnerability

Security researchers have discovered a new issue in the Mitel MiCollab enterprise VoIP platform that allows attackers to access administrative features without authentication.The discovery was made by researchers from security firm watchTowr back in May while trying to replicate a different vulnerability that Mitel patched at the time (CVE-2024-35286). The new issue is a path…
[Updated] Log4Shell: Critical Severity Apache Log4j Remote Code Execution Being Actively Exploited (CVE-2021-44228 CVE-2021-45046)

Dec 1, 2024 2:19 AM

Tags: apache, cve, exploit, rce, remote-code-execution, update, vulnerability

Update December 17th, 2021: Log4j 2.15.0 Vulnerability Upgraded from Low to Critical Severity (CVSS 9.0) RCE possible in non-default configurations Th… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/12/10/log4shell-critical-severity-apache-log4j-remote-code-execution-being-actively-exploited-cve-2021-44228/
CVE-2023-46604 Apache ActiveMQ RCE vulnerability

Dec 1, 2024 2:19 AM

Tags: apache, cve, detection, rce, remote-code-execution, threat, vulnerability

Written by Joshua Cartlidge of the Kudelski Security Threat Detection & Research Team Summary On October 25, 2023, Apache disclosed an ActiveMQ Re… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/03/cve-2023-46604-apache-activemq-rce-vulnerability/
Apache Fixes OFBiz Remote Code Execution Flaw

Dec 1, 2024 12:18 AM

Tags: apache, flaw, remote-code-execution

First seen on duo.com Jump to article: duo.com/decipher/apache-fixes-ofbiz-remote-code-execution-flaw
Apache OfBiz: Schwachstelle ermöglicht Codeschmuggel

Nov 20, 2024 9:53 AM

Tags: apache, exploit, software, vulnerability

Eine aktualisierte Version der ERP-Software Apache OfBiz schließt Sicherheitslecks, die das Ausführen von Schadcode ermöglichen. First seen on heise.de Jump to article: www.heise.de/news/Apache-OfBiz-Schwachstelle-ermoeglicht-Codeschmuggel-10075408.html
Apache Kafka Vulnerability Let Attackers Escalate Privileges

Nov 19, 2024 7:54 AM

Tags: apache, cyber, data-breach, saas, unauthorized, vulnerability

A newly identified vulnerability tracked as CVE-2024-31141, has been discovered in Apache Kafka Clients that could allow attackers to escalate privileges and gain unauthorized filesystem read access. This vulnerability, rated as Moderate in severity, affects multiple versions of Apache Kafka Clients and has raised concerns in environments where applications are exposed to untrusted users, such as SaaS products. Affected Versions…
Sicherheitspatches: Apache Traffic Server über mehrere Lücken angreifbar

Nov 15, 2024 9:53 AM

Tags: apache

Um Netzwerke zu schützen, sollten Admins die aktuellen Versionen von Apache Traffic Server installieren. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdates-Angreifer-koennen-Apache-Traffic-Server-crashen-lassen-10036352.html
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

Oct 16, 2024 9:55 AM

Tags: apache, exploit, flaw, programming, remote-code-execution, software

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the ex… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html
Apache Avro SDK Flaw Could Enable Java Apps RCE

Oct 10, 2024 9:54 PM

Tags: apache, flaw, rce, remote-code-execution

First seen on scworld.com Jump to article: www.scworld.com/brief/apache-avro-sdk-flaw-could-enable-java-apps-rce
RCE in Java apps likely with critical Apache Avro SDK vulnerability

Oct 10, 2024 9:54 PM

Tags: apache, rce, remote-code-execution, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/brief/rce-in-java-apps-likely-with-critical-apache-avro-sdk-vulnerability
Critical Apache Avro SDK RCE flaw impacts Java applications

Oct 9, 2024 4:06 PM

Tags: apache, exploit, flaw, programming, rce, remote-code-execution, software, vulnerability

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. … First seen on securityaffairs.com Jump to article: securityaffairs.com/169469/security/apache-avro-java-sdk-critical-flaw.html
CVE-2024-45195 – Kritische Schwachstelle in Apache OFBiz erlaubt Code-Ausführung

Sep 26, 2024 7:13 AM

Tags: apache, cve, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/ofbiz-updates-sicherheitsluecken-schliessen-a-f0c2bba805a440d188cad18437132f49/
CISA warns of actively exploited Apache HugeGraph-Server bug

Sep 23, 2024 5:11 PM

Tags: apache, cisa, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a re… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-apache-hugegraph-server-bug/
U.S. CISA adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Server, and Microsoft SQL Server bugs to its Known Exploited Vulnerabilities catalog

Sep 21, 2024 6:29 PM

Tags: apache, cisa, cybersecurity, exploit, infrastructure, kev, microsoft, oracle, sql, vulnerability, windows

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows, Apache HugeGraph-Server, Oracle JDeveloper, Oracle WebLogic Serve… First seen on securityaffairs.com Jump to article: securityaffairs.com/168592/security/u-s-cisa-windows-apache-hugegraph-oracle-jdeveloper-oracle-weblogic-sql-server-bugs-to-its-known-exploited-vulnerabilities-catalog.html
Apache OFBiz behebt neuen kritischen Fehler

Sep 20, 2024 4:30 AM

Tags: apache

First seen on csoonline.com Jump to article: www.csoonline.com/de/a/apache-ofbiz-behebt-neuen-kritischen-fehler
CVE-2024-38856 and CVE-2024-45195 Apache OFBiz Security Vulnerabilities August 2024

Sep 20, 2024 12:29 AM

Tags: apache, breach, cve, data, vulnerability

Critical Security Vulnerabilities (CVE-2024-38856 and CVE-2024-45195) in Apache OFBiz Expose Enterprise Systems to Potential Data Breaches and Disrupt… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-38856-and-cve-2024-45195-apache-ofbiz-security-vulnerabilities-august-2024/
Apache Flaw: High Severity Vulnerability Fix Via Update

Sep 18, 2024 4:29 PM

Tags: apache, flaw, update, vulnerability

Organizations worldwide leverage technological solutions for increased efficiency and productivity. However, given the rapid advancements of online th… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/apache-flaw-high-severity-vulnerability-fix-via-update/