Apache News, Articles and Updates

Electroneum-mining operation now targeting Struts systems on Windows

The well-known Apache Struts 2 Jakarta Multipart Parser remote code execution cryptocurrency campaign, is now being used by cyber-criminals to mine Electroneum coin by targeting systems running Windows operating systems.

Cryptocurrency mining crimeblotter, Apache CouchDB & other vulnerabilities

The amount of illegal cryptocurrency mining that is now taking place makes keeping track a difficult task, but here is a quick roundup of what was has been spotted over the last few days.

Autosploit marries Shodan, Metasploit, puts IoT devices at risk

Autosploit, a new tool that basically couples Shodan and Metasploit, makes it easy for even amateurs to hack vulnerable IoT devices.

Updates address vulnerabilities in Apache Struts versions 2.5 to 2.5.14

A pair of security updates released by the Apache Software Foundation patch vulnerabilities in Apache Struts versions 2.5 to 2.5.14 that would let a remote attacker take control of a system, according to a US-CERT alert.

Apache OpenOffice patches four vulnerabilities in 4.1.4 update

Apache OpenOffice patched four medium vulnerabilities in the suites word processing and graphics apps.

Oracle patches 7 Apache Struts 2 vulnerabilities

Oracle issued seven security updates to patch vulnerabilities found in Apache Struts 2.

Apache Struts vulnerability led to earlier breach at Equifax

Equifax said a breach it discovered in March was not related to the second in September though the hackers were reportedly the same, and the same vulnerability in Apache Struts was exploited in both incidents.

Apache Struts alters API code, patch critical remote code execution flaw

The Apache Struts Software Foundation has released an update to its open-source web application framework to fix a critical remote code execution vulnerability

Report: Banking trojans and weaponised Office docs month's top attack vectors

Researchers at Invincea report that banking trojans delivered by weaponised Office documents were the top attack vector for the month of October.