FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
☐ ☆ ✇ The Hacker News

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

By: Newsroom — May 23rd 2024 at 16:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that
☐ ☆ ✇ The Hacker News

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

By: Newsroom — March 22nd 2024 at 13:45
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances. The vulnerability, now addressed by AWS, has been codenamed FlowFixation by Tenable.
☐ ☆ ✇ The Hacker News

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries

By: Newsroom — January 22nd 2024 at 16:35
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed
☐ ☆ ✇ The Hacker News

Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks

By: Newsroom — January 12th 2024 at 07:56
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments. "This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
☐ ☆ ✇ The Hacker News

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

By: Newsroom — January 11th 2024 at 14:16
Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8), a bypass for another severe shortcoming in the same software (CVE-
☐ ☆ ✇ The Hacker News

CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack

By: Newsroom — January 10th 2024 at 04:50
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
☐ ☆ ✇ The Hacker News

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

By: Newsroom — December 12th 2023 at 05:23
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file
☐ ☆ ✇ The Hacker News

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution

By: Newsroom — December 6th 2023 at 09:18
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score
☐ ☆ ✇ The Hacker News

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

By: Newsroom — November 29th 2023 at 05:07
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0)
☐ ☆ ✇ The Hacker News

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

By: Newsroom — November 21st 2023 at 10:00
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative
☐ ☆ ✇ The Hacker News

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking

By: Newsroom — November 20th 2023 at 09:16
Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms. "Randstorm() is a term we coined to describe a collection of bugs, design decisions, and API changes that, when brought in contact with each other, combine
☐ ☆ ✇ The Hacker News

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

By: Newsroom — November 15th 2023 at 13:49
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6,
☐ ☆ ✇ The Hacker News

Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws

By: Newsroom — November 7th 2023 at 07:14
Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat
☐ ☆ ✇ The Hacker News

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

By: Newsroom — November 2nd 2023 at 04:27
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a
☐ ☆ ✇ The Hacker News

Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks

By: THN — September 7th 2023 at 11:02
Patches have been released to address two new security vulnerabilities in Apache Superset that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. Outside of these
☐ ☆ ✇ The Hacker News

Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

By: THN — July 20th 2023 at 15:56
Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability
☐ ☆ ✇ The Hacker News

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

By: Ravie Lakshmanan — May 31st 2023 at 15:44
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center (ISC), which detected a spike in HTTP requests for “/nifi” on May 19, 2023. “Persistence is achieved via timed processors or entries to cron,” said Dr.
☐ ☆ ✇ The Hacker News

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

By: Ravie Lakshmanan — April 26th 2023 at 09:29
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access
☐ ☆ ✇ The Hacker News

Hackers Started Exploiting Critical "Text4Shell" Apache Commons Text Vulnerability

By: Ravie Lakshmanan — October 21st 2022 at 11:03
WordPress security company Wordfence on Thursday said it started detecting exploitation attempts targeting the newly disclosed flaw in Apache Commons Text on October 18, 2022. The vulnerability, tracked as CVE-2022-42889 aka Text4Shell, has been assigned a severity ranking of 9.8 out of a possible 10.0 on the CVSS scale and affects versions 1.5 through 1.9 of the library. It's also similar to
☐ ☆ ✇ Naked Security

Dangerous hole in Apache Commons Text – like Log4Shell all over again

By: Paul Ducklin — October 18th 2022 at 16:26
Third time unlucky. Time to put your patching boots on again...

act-1200

☐ ☆ ✇ KitPloit - PenTest Tools!

Matano - The Open-Source Security Lake Platform For AWS

By: noreply@blogger.com (Unknown) — October 14th 2022 at 11:30


Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed specifically for AWS and focuses on enabling high scale, low cost, and zero-ops. Matano deploys fully into your AWS account.


Features

Collect data from all your sources

Matano lets you collect log data from sources using S3 or SQS based ingestion.

Ingest, transform, normalize log data

Matano normalizes and transforms your data using Vector Remap Language (VRL). Matano works with the Elastic Common Schema (ECS) by default and you can define your own schema.

Store data in S3 object storage

Log data is always stored in S3 object storage, for cost effective, long term, durable storage.

Apache Iceberg Data lake

All data is ingested into an Apache Iceberg based data lake, allowing you to perform ACID transactions, time travel, and more on all your log data. Apache Iceberg is an open table format, so you always own your own data, with no vendor lock-in.

Serverless

Matano is a fully serverless platform, designed for zero-ops and unlimited elastic horizontal scaling.

Detections as code

Write Python detections to implement realtime alerting on your log data.

Installing

View the complete installation instructions.

You can install the matano CLI to deploy Matano into your AWS account, and manage your Matano deployment.

Requirements

  • Docker

Installation

Matano provides a nightly release with the latest prebuilt files to install the Matano CLI on GitHub. You can download and execute these files to install Matano.

For example, to install the Matano CLI for Linux, run:

curl -OL https://github.com/matanolabs/matano/releases/download/nightly/matano-linux-x64.sh
chmod +x matano-linux-x64.sh
sudo ./matano-linux-x64.sh

Getting started

Read the complete docs on getting started.

Deployment

To get started with Matano, run the matano init command. Make sure you have AWS credentials in your environment (or in an AWS CLI profile).

The interactive CLI wizard will walk you through getting started by generating an initial Matano directory for you, initializing your AWS account, and deploying Matano into your AWS account.


Initial deployment takes a few minutes.

Documentation

View our complete documentation.

License



☐ ☆ ✇ KitPloit - PenTest Tools!

ApacheTomcatScanner - A Python Script To Scan For Apache Tomcat Server Vulnerabilities

By: noreply@blogger.com (Unknown) — September 3rd 2022 at 12:30


A python script to scan for Apache Tomcat server vulnerabilities.


Features

  • Multithreaded workers to search for Apache tomcat servers.
  • Multiple target source possible:
    • Retrieving list of computers from a Windows domain through an LDAP query to use them as a list of targets.
    • Reading targets line by line from a file.
    • Reading individual targets (IP/DNS/CIDR) from -tt/--target option.
  • Custom list of ports to test.
  • Tests for /manager/html access and default credentials.
  • List the CVEs of each version with the --list-cves option

Installation

You can now install it from pypi with this command:

sudo python3 -m pip install apachetomcatscanner

Usage

$ ./ApacheTomcatScanner.py -h
Apache Tomcat Scanner v2.3.2 - by @podalirius_

usage: ApacheTomcatScanner.py [-h] [-v] [--debug] [-C] [-T THREADS] [-s] [--only-http] [--only-https] [--no-check-certificate] [--xlsx XLSX] [--json JSON] [-PI PROXY_IP] [-PP PROXY_PORT] [-rt REQUEST_TIMEOUT] [-tf TARGETS_FILE]
                              [-tt TARGET] [-tp TARGET_PORTS] [-ad AUTH_DOMAIN] [-ai AUTH_DC_IP] [-au AUTH_USER] [-ap AUTH_PASSWORD] [-ah AUTH_HASH]

A python script to scan for Apache Tomcat server vulnerabilities.

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose mode. (default: False)
  --debug               Debug mode, for huge verbosity. (default: False)
  -C, --list-cves       List CVE ids affecting each version found. (default: False)
  -T THREADS, --threads THREADS
                        Number of threads (default: 5)
  -s, --servers-only    If querying ActiveDirectory, only get servers and not all computer objects. (default: False)
  --only-http           Scan only with HTTP scheme. (default: False, scanning with both HTTP and HTTPs)
  --only-https          Scan only with HTTPs scheme. (default: False, scanning with both HTTP and HTTPs)
  --no-check-certificate
                        Do not check certificate. (default: False)
  --xlsx XLSX           Export results to XLSX
  --json JSON           Export results to JSON

  -PI PROXY_IP, --proxy-ip PROXY_IP
                        Proxy IP.
  -PP PROXY_PORT, --proxy-port PROXY_PORT
                        Proxy port
  -rt REQUEST_TIMEOUT, --request-timeout REQUEST_TIMEOUT

  -tf TARGETS_FILE, --targets-file TARGETS_FILE
                        Path to file containing a line by line list of targets.
  -tt TARGET, --target TARGET
                        Target IP, FQDN or CIDR
  -tp TARGET_PORTS, --target-ports TARGET_PORTS
                        Target ports to scan top search for Apache Tomcat servers.
  -ad AUTH_DOMAIN, --auth-domain AUTH_DOMAIN
                        Windows domain to authenticate to.
  -ai AUTH_DC_IP, --auth-dc-ip AUTH_DC_IP
                        IP of the domain controller.
  -au AUTH_USER, --auth-user AUTH_USER
Username of the domain account.
  -ap AUTH_PASSWORD, --auth-password AUTH_PASSWORD
                        Password of the domain account.
  -ah AUTH_HASH, --auth-hash AUTH_HASH
                        LM:NT hashes to pass the hash for this user.

Example


 

You can also list the CVEs of each version with the --list-cves option:



Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.



☐ ☆ ✇ Naked Security

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know

By: Paul Ducklin — July 8th 2022 at 00:59
It's a bit like Log4J, but for configuration files, not for logging.

☐ ☆ ✇ Naked Security

QNAP warns of new bugs in its Network Attached Storage devices

By: Paul Ducklin — April 22nd 2022 at 15:15
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!

nas-1200

☐ ☆ ✇ Naked Security

Log4Shell vulnerability Number Four: “Much ado about something”

By: Paul Ducklin — December 29th 2021 at 16:12
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

☐ ☆ ✇ Naked Security

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

By: Paul Ducklin — December 21st 2021 at 17:57
The Apache web server just got an update - this one is nothing to do with Log4j!

☐ ☆ ✇ Naked Security

“Log4Shell” Java vulnerability – how to safeguard your servers

By: Paul Ducklin — December 10th 2021 at 16:22
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product

❌