[HackerNews] Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j “Log4Shell” vulnerability that came to light last month.
The issue, tracked as CVE-2021-42392, is the “first critical issue published since Log4Shell, on a component other than Log4j, that exploits the same root cause of the Log4Shell

Source: Read More (The Hacker News)

You might be interested in …

[TheRecord] Crypto-mining botnet modifies CPU configurations to increase its mining power

A crypto-mining botnet is modifying CPU configurations on hacked Linux servers in order to increase the performance and output of its cryptocurrency mining code. The attacks, detected by cloud security firm Uptycs, represent the first instances where a threat actor modifies a processor’s MSR to disable a CPU feature called hardware prefetcher. Enabled by default […]

[ZDNet] China’s personal data protection law kicks in today

Passed in August, the Personal Information Protection Law takes effect on November 1, spelling out rules around data collection, use, and storage, as well as what international companies must do when they transfer data out of the country. Source: Read More (Latest topics for ZDNet in Security)

[SANS ISC] Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773), (Wed, Oct 6th)

The Apache Software Foundation yesterday released version 2.4.50 of its flagship Apache webserver [1]. This release fixes an easily exploited directory traversal vulnerability. BLOF: This directory traversal vulnerability only affects a specific Apache version, 2.4.49, which was downloadable after September 15th 2021 from the apache.org website. It is not included in any Linux distributions. The […]
