HackDig : Dig high-quality web security articles

Google Project Zero expert found 3 flaws in Apache Web Server

Administrators of servers running Apache have to update their installs immediately to fix multiple vulnerabilities disclosed by a Google researcher. Apache Foundation released the 2.4.46 version to address three flaws affecting its web server software that could be potentially exploited by attackers, under specific conditions, to execute arbitrary code or
Publish At:2020-08-25 06:12 | Read:1849 | Comments:0 | Tags:Breaking News Security Apache DOS Hacking hacking news infor

Critical Apache Guacamole flaws expose organizations at risk of hack

Security researchers discovered multiple critical reverse RDP vulnerabilities in the remote desktop application Apache Guacamole. Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in the Apache Guacamole, which is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and S
Publish At:2020-07-02 12:21 | Read:1497 | Comments:0 | Tags:Breaking News Hacking Apache Apache Guacamole hacking news i

Java Bugs with and without Fuzzing – AFL-based Java fuzzers and the Java Security Manager

In the last half a year I have been doing some fuzzing with AFL-based Java fuzzers, namely Kelinci and JQF. I didn’t really work with java-afl. The contents of this post are: Various AFL-based Java fuzzers are available that can be used to find more or less severe security issues. By combining these with sanitizers provided by the Java Security Manager
Publish At:2019-09-19 18:20 | Read:2543 | Comments:0 | Tags:Fuzzing AFL Apache fuzzing Java Java security manager JQF Ke

Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel

How often have you heard a co-worker say that he or she had to put out a fire? Depending on your job role, you may have anywhere from one to more than a dozen so-called fires weekly. A zero-day vulnerability is an example of a work-related fire that a security operations analyst might have to extinguish. Enterprises should be prepared to handle zero-day fir
Publish At:2017-10-22 05:00 | Read:7506 | Comments:0 | Tags:Advanced Threats Endpoint Risk Management Software & App Vul

CVE-2017-12617 Code Execution flaw patched in Apache Tomcat

Several security vulnerabilities have been patched in recent weeks in Apache Tomcat, including the CVE-2017-12617 Code Execution vulnerability. Several security vulnerabilities have been patched in recent weeks in Apache Tomcat. The list of fixed flaws recently addressed also included code execution vulnerabilities. Apache Tomcat is the most widely used web
Publish At:2017-10-05 17:05 | Read:5339 | Comments:0 | Tags:Breaking News Hacking Apache RCE Tomcat

Worried About Apache Struts? Stay One Step Ahead of Endpoint Attacks

Endpoint attacks can come from any direction and many sources. Just consider the reported vulnerabilities found in Apache Struts and the damage caused by WannaCry and Petya. Companies need to stay one step ahead of endpoint attacks, but they struggle due to a lack of visibility of endpoint status, the complexity of investigations and ineffective remediation.
Publish At:2017-09-25 15:30 | Read:6950 | Comments:0 | Tags:Endpoint Incident Response Apache Endpoint Management Endpoi

OptionsBleed – The Apache HTTP Server Now Bleeds

A new vulnerability in the Apache HTTP server was found recently. Designated as CVE-2017-9798, this vulnerability lies in how Apache handles certain settings in its configuration files, resulting in memory leaks. This vulnerability is named OptionsBleed, based on its similarities with the Heartbleed vulnerability. Patches to Apache are now available. What is
Publish At:2017-09-22 21:10 | Read:8762 | Comments:0 | Tags:Vulnerabilities apache OptionsBleed

The Apache Struts 2 Vulnerability and the Importance of Patch Management

Apache Struts is a free, open source framework for creating Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media. In early March 2017, Apache released a patch for the Struts 2 framework. The patch fixes an easy-to-exploit vulnerability that allows attacker
Publish At:2017-04-25 12:20 | Read:5270 | Comments:0 | Tags:Application Security Endpoint Apache Incident Response (IR)

Defending Against Apache Web Server DDoS Attacks

What Is a DDoS Attack? A distributed denial-of-service (DDoS) attack is a coordinated strike, distributed among different computers, that aims to prevent the authorized use of one or more systems. These Web server DDoS attacks have become a weapon of choice for malicious actors to conduct cyberattacks. They are used by different types of attackers, from expe
Publish At:2015-12-09 23:55 | Read:6290 | Comments:0 | Tags:Application Security Network & Endpoint Apache Distributed D

New encryption ransomware targets Linux systems

The antivirus software company Doctor Web has issued an alert about a new form of crypto-ransomware that targets users of Linux-based operating systems. Designated as "Linux.Encoder.1" by the company, the malware largely targets Web servers, encrypting their contents and demanding a ransom of one Bitcoin (currently about $500). Many of the systems that have b
Publish At:2015-11-09 18:35 | Read:5807 | Comments:0 | Tags:Risk Assessment Technology Lab Apache crypto ransomware Linu

Mozilla’s Bugzilla Hacked | Stolen Data Used For Targeting Firefox users

Mozilla yesterday detailed a security attack on its bug tracker and testing tool Bugzilla, as well as the steps it is taking to mitigate a repeat incident. In short, a hacker compromised the service, stole security-sensitive information, and used it to attack Firefox users. Bugzilla is open-source software that has been adopted by a variety of organization
Publish At:2015-09-08 05:15 | Read:4606 | Comments:0 | Tags:Application Security Cyber Security Security Updates Apache

Trend Micro Discovers Apache Cordova Vulnerability that Allows One-Click Modification of Android Apps

We’ve discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the apps completely. Designated as CVE-2015-1835, this high-severity vulnerability affects all versions of Apache Cordova up
Publish At:2015-06-09 19:25 | Read:4736 | Comments:0 | Tags:Mobile Vulnerabilities android apache cordova Google vunerab

Darkleech Update – November 2014

Just wanted to document some latest changes in Darkleech behavior that may help you detect it. I’d like to thank internet security enthusiasts who share their findings with me. Without you, I could have easily missed these new (?) details. Quick recap Darkleech is a root level server infection that installs malicious Apache modules. The modules inject
Publish At:2014-11-27 18:15 | Read:4860 | Comments:0 | Tags:Short Attack Reviews Website exploits Apache Darkleech Emula

Apache Warns of Tomcat Remote Code Execution Vulnerability

Some older versions of the open source Apache Tomcat web server and servlet container are vulnerable to remote code execution. In what Mark Thomas, a longtime Apache Tomcat committer, calls “limited circumstances,” a user could upload malicious JavaServer Pages (JSP) to a server running Tomcat, and then later trigger the execution of that JSP. JSP shells can
Publish At:2014-09-11 05:00 | Read:5672 | Comments:0 | Tags:Vulnerabilities Web Security Apache Apache Tomcat remote cod

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site. Input passed to the ‘files[0][file]’ parameter in ‘/ip_
Publish At:2014-08-13 01:56 | Read:7460 | Comments:0 | Tags:Internal advisory apache arbitrary CMS code delete deletion
