Collaborate Disseminate
iPaaS apps are vulnerable because they transport highly sensitive data from core systems, include many different third-party apps in the process, and often lack security tools to govern and secure them all. In this video for Help Net Security, Alon Jac… Continue reading iPaaS: The latest enterprise cybersecurity risk?
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri… Continue reading Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundati… Continue reading Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
If you’re active in the cybersecurity industry, you have likely heard the buzz about Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on Struts 2 and stole hundreds of millions of PII records…. Continue reading The Hacker vs. Struts 2 Game – It Appears it has No Ending
Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn. Continue reading Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe
Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via scripts and could allow unprivileged web host users to execute code with roo… Continue reading Patched Apache flaw is a serious threat for web hosting providers
The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged organizations and developers to upgrade their installations to versions 2.3.3… Continue reading PoC exploit for critical Apache Struts flaw found online
In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside. Continue reading Experts Urge Rapid Patching of ‘Struts’ Bug
Apache OpenOffice patches four vulnerabilities tied its suite of free office applications impacting it word processing and graphics applications. Continue reading Apache OpenOffice Update Patches Four Vulnerabilities
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. It can be exploited easily, by sending a specially crafted web request to the application and, according to SANS ISC handler Adrien de Beaupre, a working exploit has already been spotted. About the vulnerability The flaw (CVE-2017-9805) was spotted during a static code analysis by researchers with software … More → Continue reading Easily exploitable Apache Struts vulnerability opens businesses to attack