News/Intelligence/IOCs Stories New Meta information stealer distributed in malspam campaign – LINK EU officials were targeted with Israeli surveillance software – LINK FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin – LINK Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene – LINK Clueless hackers spent months inside a network and nobody noticed. […]
Tag: apache
Apache Patches Code Execution Bug
LINK Thanks to the ZDI guys. If you have Apache, or any device that has a built-in web server, you need to check if it has a firmware update soon.
Apache http Server Affected by 2 Critical Vulnerabilities
LINK Apache Log4J has been getting a significant amount of attention in the last 2-3 weeks. Don’t forget the perennial favorite, http server. It needs your attention now as well.
CISA creates Apache Log4j Vulnerability Guidance webpage
LINK CISA created this page to show updates and suggestions on actions as well.
Active Attack: Zero-Day in Log4j Java library
LINK All versions of Apache are affected. Attacks are already occurring. Update anything Apache now.
Apache Tomcat HTTP Request Smuggling Vulnerability (CVE-2021-33037)
LINK Tomcat has updates… Update your installs ASAP
Apache releases advisory for Tomcat
LINK Time to examine Tomcat again.
Apache releases NEW update to Critical Update from earlier this week
LINK Apache was affected by a zero-day earlier this week. They have released a NEW update for the update that was pushed out earlier this week. The fix that was released earlier was ineffectual. Download and use 2.4.51, not 2.4.50.
Apache updates HTTP server from a Zero-Day, Update NOW
LINK Time to update immediately as the Apache Foundation has released an update to their HTTP server that fixes a Zero-Day.
Apache Releases Important Tomcat Update
LINK Apache Tomcat did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: Tomcat incorrectly ignored the transfer-encoding header if the client declared it would only accept an HTTP/1.0 response; Tomcat honoured the identity encoding; and Tomcat did not ensure that, if present, the […]