[ThreatPost] Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t freak: It’s got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD’s tendency to tiptoe into software projects.

Source: Threatpost
