server software | Breaking Cybersecurity News | The Hacker News

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467 , the issue concerns a case of a  file inclusion vulnerability , which occurs when a web application is tricked into exposing or running arbitrary files on the web server. Control Web Panel, previously CentOS Web Panel, is an open-source Linux control panel software used for deploying web hosting environments. Specifically, the issue arises when two of the unauthenticated PHP pages used in the application — "/user/login.php" and "/user/index.php" — fail to adequately validate a path to a script file, according to Octagon Networks'  Paulos Yibelo , who discovered and reported the flaws. This means that in order to exploit the vulnerability, all an attacker has to do is to alter the  include statement , which is used...

The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information. Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a "pure Java" HTTP web server environment for Java concept to run in. Unlike Apache Struts2 vulnerabilities exploited to breach the systems of America credit reporting agency Equifax late last year, new Apache Tomcat vulnerabilities are less likely to be exploited in the wild. Apache Tomcat — Information Disclosure Vulnerability The more critical flaw ( CVE-2018-8037 ) of all in Apache Tomcat is an information disclosure vulnerability caused due to a bug in the tracking of connection closures which can lead to reuse of user sessions in a new connection. The vu...

Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model , exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity measures.  The Essence of Shared Responsibility  Think of cloud security like a well-maintained building: the property manager handles structural integrity and common areas, while tenants secure their individual units. Similarly, the shared responsibility model creates a clear division of security duties between cloud providers and their users. This partnership approach ensures comprehensive protection through clearly defined roles and responsibilities.  What Your Cloud Provider Handles  Microsoft maintains comprehensive responsibility for securing the foundational eleme...