[HackerNews] New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks

The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an “incomplete fix” for an actively exploited path traversal and remote code execution flaw that it patched earlier this week.
CVE-2021-42013, as the new vulnerability is identified as, builds upon CVE-2021-41773, a flaw that impacted Apache web servers running

Source: Read More (The Hacker News)

You might be interested in …

[HackerNews] CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability

All posts, HackerNews

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus Source: […]

Read More

[ThreatPost] Wormable Windows Bug Opens Door to DoS, RCE

All posts, ThreatPost

Microsoft’s May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. Source: Read More (Threatpost)

Read More

[ZDNet] Robinhood ordered to pay $70 million over ‘harm’ caused to ‘millions’ of traders

All posts, ZDNet

The penalty is the largest issued by FINRA to date. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.