Security News
The venerable Apache web server has just been updated to fix a dangerous remote code execution bug. This bug is already both widely-known and trivial to exploit, with examples now circulating freely on Twitter, and a single, innocent-looking web request aimed at your server could be enough for an attacker to take it over completely.
The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited. Apache's HTTP Server is widely used, and the vulnerabilities, CVE-2021-41524 and CVE-2021-41773, aren't great.
Unless you want to leak like a sieve The Apache Software Foundation has hurried out a patch to address a pair of HTTP Web Server vulnerabilities, at least one of which is already being actively exploited.…
Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. Path traversal issues allow unauthorized people to access files on a web server, by tricking either the web server or the web application running on it into returning files that exist outside of the web root folder.
EUTNAIOA earlier leaked 180GB of data it said it siphoned from Epik servers, plenty of it detailing the activities of far-right groups such as The Proud Boys and the ridiculous QAnon mob. The hacktivist collective justified the release of stolen data on the grounds it exposed racists, and dubbed the operation: Epik Fail.
Twitter is experiencing a worldwide outage affecting their web platform that prompts users to logout and prevents them from accessing tweets. The outage began at around noon EST and only affects the web/desktop version of Twitter, not the mobile platform.
It's a well-known fact that powerful malware can be bought on the dark web and used with relative ease. A new report from Cisco's Talos cybersecurity research team illustrates just how dangerous out-of-the-box remote access trojan malware can be: A campaign it has dubbed "Armor Piercer" has been attacking the Indian government since December 2020.
"We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories," the Open Web Application Security Project explains. The reason for leaving space for direct input from application security and development experts on the front lines is the fact that it takes time to find ways to test new vulnerabilities, and they can offer knowledge on essential weaknesses that the contributed data may not show yet.
Chances are good you're not using your browser with a strong enough eye on security. For the love of privacy and security, stop! You're using the default settings in your web browser, thereby assuming the companies that created the software either know what's best for you or don't have ulterior motives for how they set security options in their products.
A new report from consumer website Comparitech looks at dark web selling prices for credit cards and PayPal accounts in particular. Credit cards are sold on the dark web either as digital items or physical clones of real cards.