Apache – Page 8 – WindowsTechs.com

How to track which php file executed a malware binary

Posted on February 27, 2022 by MOHAMMAD RASIM

I have a server that seems to be compromised checking the processes running I see an executable that seems to be a mining malware and the hacker uses it to mine litecoin at the address MKkb4o9jUYmcQRRkpJWK82mW2S1ZZMtaLg, the executable fil… Continue reading How to track which php file executed a malware binary→

Issues with uploading file

Posted on February 11, 2022 by Vinny

I’m performing a pentest on a website running Apache that has an empty /uploads directory. I’ve performed thorough enumeration of all directories and functionality on the website, and there is no clear way to upload anything to this myster… Continue reading Issues with uploading file→

FreeRadius and Apache Mutual authentication

Posted on February 7, 2022 by zsomborv

I set EAP-TLS on my FreeRadius server, and i want to try the certificate-based authentication for a testing. I set up an Apache as a webservice and enabled ssl on it. I could redirect the basic username-password authentication to the radiu… Continue reading FreeRadius and Apache Mutual authentication→

Possible http information disclosure

Posted on January 21, 2022 by doneal24

We recently had a vulnerability scan that returned an information disclosure that I’ve never heard about before. The scanning company provided this information.

Our researcher used an open source tool called BurpSuite to intercept
an HTTP… Continue reading Possible http information disclosure→

White House hosts open-source software security summit in light of expansive Log4j flaw

Posted on January 13, 2022 by Tim Starks

Tech giants and federal agencies will meet at the White House on Thursday to discuss open-source software security, a response to the widespread Log4j vulnerability that’s worrying industry and cyber leaders. Among the attendees are companies like Apple, Facebook and Google, as well as the Apache Software Foundation, which builds Log4j, a ubiquitous open-source logging framework for websites. “Building on the Log4j incident, the objective of this meeting is to facilitate an important discussion to improve the security of open source software — and to brainstorm how new collaboration could rapidly drive improvements,” a senior administration official said in advance of the meeting. The huddle convenes in light of a vulnerability discovered last month known as Log4Shell that could affect up to hundreds of millions of devices, and as federal officials, businesses and security researchers race to contain the potential fallout. It’s the latest of several Biden White House summits […]

The post White House hosts open-source software security summit in light of expansive Log4j flaw appeared first on CyberScoop.

Continue reading White House hosts open-source software security summit in light of expansive Log4j flaw→

If hackers are exploiting the Log4j flaw, CISA says we might not know yet

Posted on January 10, 2022 by Tim Starks

Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there could be a “lag” between when the flaw became known, and when attackers exploit it. Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that there were months between the discovery of the vulnerability that led to the 2017 Equifax breach, which exposed the personal information of nearly 150 million Americans, and word of the breach itself, invoking one of the most notable hacks in history. “We do expect Log4j to be used in intrusions well into the future,” Easterly said on a call with reporters. “There may be a lag between when this vulnerability is being used and when it is being actively deployed.” Apache Struts, an open-source tool, was at the center of the Equifax breach, and Apache’s Log4j is a ubiquitous open-source logging tool. Easterly said […]

The post If hackers are exploiting the Log4j flaw, CISA says we might not know yet appeared first on CyberScoop.

Continue reading If hackers are exploiting the Log4j flaw, CISA says we might not know yet→

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

Posted on January 6, 2022 by Paul Ducklin

We’re back for 2022 – listen now! Continue reading S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]→

Log4Shell vulnerability Number Four: “Much ado about something”

Posted on December 29, 2021 by Paul Ducklin

It’s a Log4j bug, and you ought to patch it. But we don’t think it’s a critical crisis like the last one. Continue reading Log4Shell vulnerability Number Four: “Much ado about something”→

successfull log4j exploitation, or just normal traffic?

Posted on December 26, 2021 by dalaix

First, thanks in advance and sorry if I’m asking some really silly thing, this is not my expertise 🙂
I have a webserver just for testing my things. Last week I checked if it was vulnerable to log4j CVE and it seemed only Jenkins was using… Continue reading successfull log4j exploitation, or just normal traffic?→

Microsoft Sentinel Launches New Log4j Vulnerability Solution In Public Preview

Posted on December 22, 2021 by Rabia Noureen

Microsoft has announced some important updates for Microsoft Sentinel, its scalable cloud-native SIEM tool that provides AI-powered security analytics in enterprise environments. The Redmond giant has launched a new solution in public preview that should help IT Admins to detect Apache Log4j vulnerabilities. Last week, Microsoft acknowledged the emergence of an Apache Log4j vulnerability (CVE-2021-44228) […] Continue reading Microsoft Sentinel Launches New Log4j Vulnerability Solution In Public Preview→