Admins Better Spring Into Action Over Latest Critical Vuln

— October 29^th 2024 at 15:06

News ≈ Packet Storm

Apache Makes Another Attempt At Patching Exploited RCE In OFBiz

— September 6^th 2024 at 15:15

News ≈ Packet Storm

Three-Year-Old Apache Flink Flaw Under Active Attack

— May 24^th 2024 at 14:38

The Hacker News

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

By: Newsroom — May 23^rd 2024 at 16:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that

The Hacker News

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

By: Newsroom — March 22^nd 2024 at 13:45

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.

The Hacker News

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

By: Newsroom — January 22^nd 2024 at 16:35

Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed

News ≈ Packet Storm