Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri…

Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundati…

Apache Solr RCEs with public PoCs could soon be exploited

Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has already been patched, while the other – currently without a CVE number …

Reddit teams with Lucidworks to build new search framework

Reddit revealed today that it has teamed with Lucidworks to provide a long-needed, modern search tool for the immensely popular online discussion platform. When you face the kind of scale that Reddit does with 270 million monthly active users generating 5 million comments and a staggering 40 million searches every day across more than a million communities, it’s a daunting task to find…