#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

server vulnerability | Breaking Cybersecurity News | The Hacker News

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

Feb 28, 2020
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) ' file read and inclusion bug '—which can be exploited in the default configuration. But it's more concerning because several proof-of-concept exploits ( 1 , 2 , 3 , 4  and more ) for this vulnerability have also been surfaced on the Internet, making it easy for anyone to hack into publicly accessible vulnerable web servers. Dubbed ' Ghostcat ' and tracked as CVE-2020-1938 , the flaw could let unauthenticated, remote attackers read the content of any file on a vulnerable web server and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows file uploa
Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

Sep 09, 2019
Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file. The vulnerabilities reside in HHVM (HipHop Virtual Machine)—a high-performance, open source virtual machine developed by Facebook for executing programs written in PHP and Hack programming languages. HHVM uses a just-in-time (JIT) compilation approach to achieve superior performance of your Hack and PHP code while maintaining the development flexibility that the PHP language provides. Since the affected HHVM server application is open-source and free, both issues may also impact other websites that use HHVM, including Wikipedia, Box and especially those which allow their users to upload images on the server. Both the vulnerabilities, as listed below, reside due to a possible memory overflow in the GD extension of HHVM wh
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks

Aug 14, 2019
Various implementations of HTTP/2 , the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of millions of websites, or some 40 percent of all the sites on the Internet, are running using HTTP/2 protocol. A total of eight high-severity HTTP/2 vulnerabilities , seven discovered by Jonathan Looney of Netflix and one by Piotr Sikora of Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server's queue management code. The vulnerabilities can be exploited to launch Denial of Service (DoS) attacks against millions of online services and websites that are running on a web server with the vulnerable implementation of HTTP/2 , knocking
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Cybersecurity Resources