Articles about apache

Apache's latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching

Another critical security hole has been found in Apache Struts 2, requiring an immediate update. The vulnerability – CVE-2018-11776 – affects core code and allows miscreants to pull off remote code execution against vulnerable servers and websites. It affects all versions of Struts 2, the popular open-source framework for Java …
Kieren McCarthy, 22 Aug 2018
Want a $200k TIP? ZDI sticks bounties on bugs in big-name server code

A bunch of new bug bounty rewards are up for grabs from the Zero Day Initiative, in a first-come, best-dressed program kicking off on August 1. The Trend Micro-backed operation announced on July 24 what it called the Targeted Incentive Program (TIP). Besides the mention of Microsoft Windows Server 2016, the TIP focuses paying …

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

IBM has patched a critical vulnerability in its Cloud Functions platform that would have allowed miscreants to remotely overwrite customers' code – and execute malicious commands to hijack services. The flaws, designated CVE-2018-11756 and CVE-2018-11757, are actually present in Apache OpenWhisk, a component Big Blue uses to …
Shaun Nichols, 24 Jul 2018
Apache Cassandra at 10: Making a community believe in NoSQL

Ten years ago this month, when Lehman Brothers was still just about in business and the term NoSQL wasn't even widely known, let alone an irritant, Facebook engineers open-sourced a distributed database system named Cassandra. Back then, the idea that huge numbers of companies would need a scalable database was almost …
Rebecca Hill, 16 Jul 2018
How polite: Fun-bucks coin miners graciously ease off CPU pounding

Cryptocurrency-mining malware writers are dialing back their use of your compute cycles in order to avoid detection. This is according to Johannes Ullrich, head of research at SANS, who today pointed out that malicious mining apps are scaling down activity and employing built-in encryption to make them harder for antivirus …
Shaun Nichols, 29 Jun 2018
Equifax reveals full horror of that monstrous cyber-heist of its servers

Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records …

Oracle corrals and patches Struts 2 vulnerabilities

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability. Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to …
New 'Beaver' web server has exactly ONE user outside China

Netcraft's monthly survey of web-facing computers has turned up an oddity: a new web server called “Beaver” that's used by exactly one web site outside China. “Just over a million sites now exhibit the Beaver Server header, and these make use of more than 110,000 unique domain names – mostly under the .cn top-level domain,” …
Simon Sharwood, 29 May 2017

Apache OpenOffice: Not dead yet, you'll just have to wait until mid-May for mystery security fixes

Apache OpenOffice, sized for euthanasia by one of its own last year, still lives and should see an update before the end of May, allegedly. The open-source productivity suite has been referred to as "a shambling corpse" by those appalled at its languid update schedule and those skeptical that its skeleton crew of volunteers …
Thomas Claburn, 28 Apr 2017

Apache Foundation hails Metron as new top level project for cybersecurity

The Apache Software Foundation (ASF) has announced Metron, a cybersecurity applications framework for centralised monitoring and analysis of network traffic, as its newest top-level project. Metron was born out of Cisco's OpenSoc project in 2014. OpenSoc aimed to provide a scalable security analytics tool based on the Hadoop …

Inside OpenSSL's battle to change its license: Coders' rights, tech giants, patents and more

Analysis: The OpenSSL project, possibly the most widely used open-source cryptographic software, has a license to kill – specifically its own. But its effort to obtain permission to rewrite contributors' rights runs the risk of alienating the community that sustains it. The software is licensed under the OpenSSL License, which includes …
Thomas Claburn, 24 Mar 2017
Canadians can file online tax returns again after emergency outage

Canada's taxman has restored online services it took down over the weekend to respond to unspecified vulnerabilities. The Canada Revenue Agency (CRA) announced the end of its partial outage at 5:00PM Sunday, Eastern Daylight Time. The agency doesn't stipulate the vulnerability it identified, merely saying it affected “ …

Apache Struts 2 needs patching, without delay. It's under attack now

Infosec researchers have found a “dire” zero-day in Apache Struts 2, and it's under active attack. If you're a sysadmin using the Jakarta-based file upload Multipart parser under Apache Struts 2, Nick Biasini of Cisco's Talos advises applying the latest upgrade immediately. CVE-2017-5638 is documented at Rapid7's Metasploit …

Google must be Beaming as Apache announces its new top-level projects

The Apache Software Foundation has today announced two new top-level projects, Apache Beam and Apache Eagle. Apache Beam is yet another technology birthed by Google's work on data processing, and its roots can be traced back to Google's initial MapReduce system which revolutionised the science of distributed data processing …

Even big data devs make big data security gaffes

Apache Big Data Europe: Big data application programmers routinely download and execute unverified code, opening the door to information-stealing hackers, a security researcher has claimed. Olaf Flebbe, chief software architect at European software integrator Science+Computing, is upset that software engineers have got into the habit of insecurely …
John Leyden, 21 Nov 2016
'Podling' Apache projects are spending longer in the incubator

ApacheCon: Stewards of the Apache Software Foundation are mildly concerned that many nascent projects are spending longer in the incubator, putting pressure on limited mentoring resources. In the 12 months up to November 2016, ASF oversaw 30 new "podling" incubator projects, of which four were retired and just seven graduated. Jim …
John Leyden, 17 Nov 2016
Hadoop experiencing growing pains in lamestream businesses

Apache Big Data: Fast, unbridled growth has hurt adoption of Hadoop, according to a leading advocate of the technology. John Mertic, director of program management at ODPi, said that work on Hadoop was often relegated to a "skunkworks" project in many mainstream organisations. "It's effectively stuck," he said during a keynote presentation at …
John Leyden, 16 Nov 2016

Is it time to unplug frail OpenOffice's life support? Apache Project asked to mull it over

The Apache OpenOffice project has limited capacity for sustaining itself in an energetic manner. The retirement of the project is a serious possibility. Those are the words of Dennis Hamilton, the volunteer vice-president of OpenOffice who advises the Apache Software Foundation board. Yesterday, he publicly floated the idea of …

Biting the hand that feeds IT © 1998–2018