Apache

On August 22, 2018, the Apache Software Foundation reported a new vulnerability in the Apache Struts framework (CVE-2018-11776) that could allow an attacker to execute remote code and possibly gain access to a targeted system. The flaw exists because Apache Struts does not perform proper validation of input data. This is a flaw in the Struts framework core, which means all Struts installations are potentially vulnerable.

Many of you probably think that the National Security Agency (NSA) and open-source software get along like a house on fire. That's to say, flaming destruction. You would be wrong.

In partnership with the Apache Software Foundation, the NSA announced on Tuesday it is releasing the source code for Niagarafiles (Nifi). The spy agency said Nifi "automates data flows among multiple computer networks, even when data formats and protocols differ."

Apache is the most widely used web server on the planet, and it's also one of the most widely attacked. To that end, it's always smart to lock down your Apache server as best as possible. This goes well beyond just locking down your network -- you need to give that Apache server as much attention as it might get from outside sources.

I'll walk you through the process of preventing your Apache server from Distributed Denial of Service (DDoS), Slowloris, and DNS Injection attacks. These breakins are quite simple to prevent, as long as you take the time to lock down that server.

Researchers have identified new self-replicating malware that infects computers running the Apache Tomcat Web server with a backdoor that can be used to attack other machines.

Google has extended its Patch Reward Program to include a raft of new platforms and technologies including its own Android system as it looks to improve the securiry of open source software.

The firm announced an overhaul to its security patch policies last month, offering white hats up to $3,133 for fixes.

Chinese hackers are using an automated tool to exploit known vulnerabilities in Apache Struts, in order to install backdoors on servers hosting applications developed with the framework.

Apache Struts is a popular open-source framework for developing Java-based Web applications that's maintained by the Apache Software Foundation.

Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on according to security researchers.

Security researchers have uncovered an ongoing and widespread attack that causes sites running three of the Internet's most popular Web servers to push potent malware exploits on visitors.

Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.

Tens of thousands of websites, some operated by The Los Angeles Times, Seagate, and other reputable companies, have recently come under the spell of "Darkleech," a mysterious exploitation toolkit that exposes visitors to potent malware attacks.