Security News
Apache Guacamole, a popular infrastructure for enabling remote working, is vulnerable to a slew of security bugs related to the Remote Desktop Protocol, researchers have warned. "Once in control of the gateway, an attacker can eavesdrop on all incoming sessions, record all the credentials used, and even start new sessions to control the rest of the computers within the organization," explained Eyal Itkin, researcher from Check Point, in a posting on Thursday.
DataStax announced the general availability of DataStax Astra, a database-as-a-service for Apache Cassandra applications, simplifying cloud-native Cassandra application development. On Google Cloud, Astra deploys and manages enterprise clusters powered by Cassandra directly on top of Google Cloud's Platform infrastructure, so that data sits in the same Google Cloud global infrastructure as applications.
Confluent, the event streaming platform pioneer, announced the launch of elastic scaling for Apache Kafka. "Elasticity is a fundamental property of cloud data systems and our first step in Project Metamorphosis is bringing elastic scaling to Kafka and its ecosystem in Confluent Cloud," said Jay Kreps, co-founder and CEO, Confluent.
DataStax released code for an Apache Cassandra Kubernetes operator to help enterprises and users succeed with scale-out, cloud-native data. This Kubernetes Operator for Apache Cassandra, cass-operator, is now available and ready for use by the community as we work together on a common operator.
A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept exploit making an appearance on GitHub. The Apache Tomcat open-source web server supports various JavaScript-based technologies, including the Apache JServ Protocol interface, which is where the vulnerability resides.
For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar's accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key features on Pulsar's product roadmap.
WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 - while input-validation bugs edged out cross-site scripting as the most-weaponized weakness type. The firm found that WordPress and Apache Struts alone accounted for a combined 57 percent of exploited framework bugs during the year.
A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails and Laravel, according to a report published this week by risk analysis firm RiskSense.
Among the report's key findings, total framework vulnerabilities in 2019 went down but the weaponization rate went up, WordPress and Apache Struts had the most weaponized vulnerabilities, and input validation surpassed cross-site scripting as the most weaponized weakness in the frameworks examined. "Even if best application development practices are used, framework vulnerabilities can expose organizations to security breaches. Meanwhile, upgrading frameworks can be risky because changes can affect the behavior, appearance, or inherent security of applications," said Srinivas Mukkamala, CEO of RiskSense.