Security News

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

2024-05-23 16:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing...

#apache #cisa #security #vulnerability #CVE-2020-17519

Apache Cordova App Harness Targeted in Dependency Confusion Attack

2024-04-23 14:00

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact...

#apache #attack

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

2024-01-22 03:40

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised...

#apache #attack #WEB

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

2024-01-12 07:56

Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is...

#apache #attack #cryptominer

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

2024-01-11 14:16

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to...

#apache #ERP #exploit #POC #vulnerability #CVE-2023-51467

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe , D-Link, Joomla Under Attack

2024-01-10 04:50

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...

#adobe #apache #apple #attack #cisa #dlink #joomla #vulnerabilities #CVE-2023-27524

Apache OFBiz zero-day pummeled by exploit attempts after disclosure

2024-01-08 17:45

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. If you use the Apache Software Foundation framework, which includes business process automation apps and other enterprise-friendly functions, you should upgrade to OFBiz version 18.12.11 immediately to patch both this and a second, equally serious hole.

#apache #disclosure #exploit #zeroday

Hackers target Apache RocketMQ servers vulnerable to RCE attacks

2024-01-05 17:32

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Apache released a fix that was incomplete for the NameServer component in RocketMQ and continued to affect versions 5.1 and older of the distributed messaging and streaming platform.

#apache #attack #hacker #RCE #server #CVE-2023-37582 #CVE-2023-33246

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

2023-12-28 16:20

A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept exploits. Online URL. The researchers further said those scanning vulnerable servers are particularly interested in finding vulnerable Confluence servers.

#apache #confluence #RCE #server

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

2023-12-27 15:39

A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The...

#apache #attack #critical #ERP #zeroday #CVE-2023-49070 #CVE-2023-51467

Security News {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Security News"}]}

Security News