Experts Expect “Aggressive Exploitation” of Two Apache Solr Vulnerabilities
Tuesday, November 26, 2019
Apache Solr, an open source enterprise search platform whose users include some of the biggest names in business, among them Adobe, Bloomberg, eBay, Goldman Sachs, Instagram and Netflix, remains vulnerable to a zero-day weeks after proof-of-concept code became public, cybersecurity experts have warned.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, commented: “Modern-day cybercrime groups are super agile.
“Probably, as early as the first PoC was published, it was on their radar. On underground marketplaces, one can easily find lists of servers or websites with specific network or web software. Once a hot 0day is published, attackers buy these lists with all publicly-known servers running the vulnerable software and swiftly launch their attacks. Given that the vulnerability is exploitable in default configuration, we should expect quite large-scale and aggressive exploitation in the wild pretty soon.
“Server admins must urgently update their configuration as per vendor’s instructions, and then ascertain that their servers have not been breached before.”