Hot Topics

Apache

Apache ActiveMQ Remote Code Execution Vulnerability Notification

| | ActiveMQ, Apache, Blog, Emergency Response
Overview Recently, NSFOCUS CERT found that the open source message middleware ActiveMQ developed by the Apache Software Foundation had an XML external entity injection vulnerability. Since the port 61616 was opened by ...
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Tripwire Patch Priority Index for January 2022

| | adobe, Apache, Featured Articles, Microsoft, open source, patch priority index, PPI, VERT
Tripwire’s January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft. First on the patch priority list this month are patches for Apache ...
The State of Security

Tripwire Patch Priority Index for December 2021

| | Apache, Linux, Microsoft, patch priority index, PPI, VERT
Tripwire’s December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, ...
The State of Security
Log4j Vulnerability, Apple AirTags Used by Thieves, The FBI's Encrypted Messaging App Document

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document

| | AirTags, Apache, Apple, Cybersecurity, Digital Privacy, encryption, Episodes, FBI, Information Security, Infosec, Log2Shell, Log4j, Messaging Apps, Podcast, Privacy, security, technology, vulnerability, Weekly Edition
This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to ...
The Shared Security Show
Log4Shell Vulnerability: What Security Operations Teams Need to Know Now and How SOAR Can Help You Detect and Respond

Log4Shell Vulnerability: What Security Operations Teams Need to Know Now and How SOAR Can Help You Detect and Respond

| | Apache, Automation, Industry Trends, Log4j, Log4Shell, MSSP, Playbooks, Product Updates & Tips, SBN News, Security Orchestration and Automation, SOAR, SOC Best Practices, Threat Hunting, Vulnerabilities, zero-day
For security professionals, 2021 will conclude with them racing to respond to one of the most grave internet vulnerabilities in... The post Log4Shell Vulnerability: What Security Operations Teams Need to Know Now ...
Siemplify
Log4Shell: Apache Log4j Remote Code Execution

Log4Shell: Apache Log4j Remote Code Execution

| | Apache, Cybersecurity, Hacking, Java, Software Development
Unauthenticated RCE in critical Java logging utility Log4jOn 9 December 2021, Apache disclosed that the Log4j 2 utility contains a critical vulnerability that allows unauthenticated remote code execution (RCE), a serious issue that ...
ShiftLeft Blog - Medium

How RASP Protects Apache Servers from zero-day Path Traversal Attacks (CVE-2021-41773)

| | Apache, Application Security, Digest, Path Traversal Attacks, runtime application self-protection, zero-day
In late September of 2021, a path traversal and file disclosure vulnerability was disclosed and reported as CVE-2021-41773 in Apache HTTP Server version 2.4.29. Both Windows and Linux servers are affected. This ...
Blog
The Data Lakehouse Post 3 – Catching Up with The Latest Big Data Developments

The Data Lakehouse Post 3 – Catching Up with The Latest Big Data Developments

| | Apache, big data, data lake, data lakehouse, databases, hudi, kudu
I recently wrote a post about the concept of the Data Lakehouse, which in some ways, brings components of what I outlined in the first post around my desires for a new ...
Cyber Security – Strategy and Innovation
Detecting GnuTLS CVE-2020-13777 using Zeek

Detecting GnuTLS CVE-2020-13777 using Zeek

| | Apache, Corelight Labs, CVE-2020-13777, GnuTLS, mitm, Network Security, network security monitoring, network traffic analysis, network visibility, Open Source Community, openssl, pcap, Public Key Cryptography, TLS, TLS 1.2, TLS 1.3, Zeek
By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...
Bright Ideas Blog
Identifying Let’s Encrypt Revoked Certificates

Identifying Let’s Encrypt Revoked Certificates

| | Apache, CertView, dashboard, Detection, qid, Qualys Technology, Security Labs, The Laws of Vulnerabilities, vulnerability
Let’s Encrypt is a free, automated, open certificate authority (CA) run for the public’s benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable ...
The Laws of Vulnerabilities – Qualys Blog
Load more