Lucene search
K

26 matches found

The Hacker News
The Hacker News
added 2025/08/15 4:20 p.m.11 views

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

A Chinese-speaking advanced persistent threat APT actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attributed by Cisco Talo...

7.7AI score
Exploits0
OSV
OSV
added 2024/03/06 11:7 a.m.31 views

BIT-REDIS-2021-32687 Integer overflow issue with intsets in Redis

Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the...

7.5CVSS8.4AI score0.03839EPSS
Exploits0References10
OSV
OSV
added 2024/03/06 10:57 a.m.84 views

BIT-APACHE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS8.7AI score0.58716EPSS
Exploits2References27
OSV
OSV
added 2024/03/06 10:56 a.m.63 views

BIT-APACHE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

7.5CVSS8.3AI score0.89744EPSS
Exploits0References30
The Hacker News
The Hacker News
added 2023/04/24 6:5 a.m.79 views

Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers

Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature ...

7.9AI score0.99999EPSS
Exploits24
The Hacker News
The Hacker News
added 2023/02/02 9:45 a.m.9 views

North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems. That's according to Finnish cybersecurity company WithSecure formerly F-Secure, which codenamed the...

9.8CVSS9.6AI score0.98234EPSS
Exploits167
HackRead
HackRead
added 2021/11/30 2:42 p.m.16 views

Unpatched Microsoft Exchange Servers abused in new phishing campaign

By Waqas The noteworthy aspect of this phishing campaign is that the emails were sent as replies to previously sent messages, due to which these appeared legit. This is a post from HackRead.com Read the original post: Unpatched Microsoft Exchange Servers abused in new phishing campaign...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/08/22 9:51 a.m.499 views

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as...

10CVSS1AI score0.99999EPSS
Exploits18
The Hacker News
The Hacker News
added 2021/08/13 9:46 a.m.12820 views

Hackers Actively Searching for Unpatched Microsoft Exchange Servers

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of...

10CVSS0.1AI score0.99999EPSS
Exploits83
HackRead
HackRead
added 2021/04/23 6:8 p.m.87 views

Prometei botnet uses NSA exploit, hits unpatched MS exchange servers

By Waqas Unpatched MS Exchange Servers are being hunted by Prometei botnet to expand its army of Monero cryptocurrency mining bots. This is a post from HackRead.com Read the original post: Prometei botnet uses NSA exploit, hits unpatched MS exchange servers...

1.9AI score
Exploits0
HackRead
HackRead
added 2021/04/08 7:16 p.m.66 views

Unpatched vulnerable VPN servers hit by Cring ransomware

By Deeba Ahmed According to Kaspersky's researchers, Cring ransomware operators are targeting vulnerable Fortinet VPN devices/servers. This is a post from HackRead.com Read the original post: Unpatched vulnerable VPN servers hit by Cring ransomware...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/03/24 6:39 p.m.399 views

Microsoft Exchange Servers See ProxyLogon Patching Frenzy

The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft. The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that...

7.5CVSS10AI score0.99999EPSS
Exploits66References12
The Hacker News
The Hacker News
added 2021/03/08 10:15 a.m.17696 views

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see...

9.8CVSS10AI score0.99999EPSS
Exploits66
The Hacker News
The Hacker News
added 2020/12/02 9:20 a.m.4 views

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as...

10CVSS7.8AI score0.99997EPSS
Exploits43
ThreatPost
ThreatPost
added 2020/09/30 2:34 p.m.841 views

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix. The vulnerability in question CVE-2020-0688 exists in the control panel of Exchange,...

9CVSS8.7AI score0.99965EPSS
Exploits30References15
NVD
NVD
added 2020/08/07 4:15 p.m.39 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS8.6AI score0.58716EPSS
Exploits2References26
UbuntuCve
UbuntuCve
added 2020/08/07 4:15 p.m.81 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

7.5CVSS7.2AI score0.89744EPSS
Exploits0References4
Prion
Prion
added 2020/08/07 4:15 p.m.45 views

Design/Logic Flaw

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

5CVSS7.3AI score0.89744EPSS
Exploits0References29Affected Software25
Debian CVE
Debian CVE
added 2020/08/07 3:32 p.m.90 views

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate this...

7.5CVSS6.6AI score0.58716EPSS
Exploits2
Apache Httpd
Apache Httpd
added 2020/06/16 12:0 a.m.143 views

Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header

In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate...

7.5CVSS8.6AI score0.58716EPSS
Exploits2Affected Software1
Rows per page
Query Builder