Security News

From website hacking to DDoS attacks to custom malware to changing school grades, you can buy one of these services from a hacker for hire. Just how much do these types of items cost? A blog post published Tuesday by consumer website Comparitech examines the types of hacking services available on the Dark Web and scopes out their prices.

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root," the open-source project maintainers noted in an advisory published Tuesday.

The venerable Apache web server has just been updated to fix a dangerous remote code execution bug. This bug is already both widely-known and trivial to exploit, with examples now circulating freely on Twitter, and a single, innocent-looking web request aimed at your server could be enough for an attacker to take it over completely.

The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited. Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great.

Unless you want to leak like a sieve The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.…

Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. Path traversal issues allow unauthorized people to access files on a web server, by tricking either the web server or the web application running on it into returning files that exist outside of the web root folder.

EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.

Twitter is experiencing a worldwide outage affecting their web platform that prompts users to logout and prevents them from accessing tweets. The outage began at around noon EST and only affects the web/desktop version of Twitter, not the mobile platform.

It's a well-known fact that powerful malware can be bought on the dark web and used with relative ease. A new report from Cisco's Talos cybersecurity research team illustrates just how dangerous out-of-the-box remote access trojan malware can be: A campaign it has dubbed "Armor Piercer" has been attacking the Indian government since December 2020.

"We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories," the Open Web Application Security Project explains. The reason for leaving space for direct input from application security and development experts on the front lines is the fact that it takes time to find ways to test new vulnerabilities, and they can offer knowledge on essential weaknesses that the contributed data may not show yet.