Apache
Detecting GnuTLS CVE-2020-13777 using Zeek
By Johanna Amann, Software Engineer, Corelight. CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...
Identifying Let’s Encrypt Revoked Certificates
Let’s Encrypt is a free, automated, open certificate authority (CA) run for the public’s benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable ...
What We Can Learn from the Capital One Hack
On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps ...
Cyber Security Roundup for November 2018
One of the largest data breaches in history was announced by Marriott Hotels at the end of November. A hack was said to have compromised up to a mind-blowing "half a Billion" ...
Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available
Remember how an unpatched flaw in Apache Struts caused one of the biggest data breaches in history? It could happen again, if those using Apache Struts versions 2.3.x or lower fail to ...
Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild
Organizations relying on the Apache Struts framework should patch their servers ASAP, or at the very least ensure the namespace is always set within their infrastructure, as cybercrooks already have a proof-of-concept ...

