Secure Planet Training Courses Updated For 2019 - Click Here

There are new available articles, click to refresh the page.

News ≈ Packet Storm

Admins Better Spring Into Action Over Latest Critical Vuln

— October 29^th 2024 at 15:06

News ≈ Packet Storm

Apache Makes Another Attempt At Patching Exploited RCE In OFBiz

— September 6^th 2024 at 15:15

News ≈ Packet Storm

Three-Year-Old Apache Flink Flaw Under Active Attack

— May 24^th 2024 at 14:38

The Hacker News

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

By: Newsroom — May 23^rd 2024 at 16:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that

The Hacker News

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

By: Newsroom — March 22^nd 2024 at 13:45

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.

News ≈ Packet Storm

Apache OFBiz Zero Day Pummeled By Exploit Attempts After Disclosure

— January 9^th 2024 at 15:40

News ≈ Packet Storm

Critical Apache OFBiz Vulnerability In Attacker Crosshairs

— December 29^th 2023 at 17:14

News ≈ Packet Storm

80% Of Struts Downloads Are For Versions Featuring Critical Flaw

— December 22^nd 2023 at 14:20

News ≈ Packet Storm

Recent Apache Struts 2 Vulnerability In Attacker Crosshairs

— December 15^th 2023 at 15:02

News ≈ Packet Storm

Unpatched Apache Tomcat Servers Spread Mirai Botnet Malware

— July 31^st 2023 at 15:14

News ≈ Packet Storm

Apache Superset: A Story Of Insecure Default Keys, Thousands Of Vulnerable Systems, Few Paying Attention

— April 26^th 2023 at 14:41

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By: Paul Ducklin — October 18^th 2022 at 16:26

Third time unlucky. Time to put your patching boots on again...

act-1200

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

By: Paul Ducklin — July 8^th 2022 at 00:59

It's a bit like Log4J, but for configuration files, not for logging.

QNAP warns of new bugs in its Network Attached Storage devices

By: Paul Ducklin — April 22^nd 2022 at 15:15

Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

nas-1200

S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]

By: Paul Ducklin — January 6^th 2022 at 13:44

We're back for 2022 - listen now!

Log4Shell vulnerability Number Four: “Much ado about something”

By: Paul Ducklin — December 29^th 2021 at 16:12

It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

By: Paul Ducklin — December 21^st 2021 at 17:57

The Apache web server just got an update - this one is nothing to do with Log4j!

“Log4Shell” Java vulnerability – how to safeguard your servers

By: Paul Ducklin — December 10^th 2021 at 16:22

Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product