
Tag: apache

Oracle fixes Struts and Shadow Brokers exploits in huge patch release

Oracle has released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency. The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6.

Attackers have quickly adopted it and have used it in widespread attacks since then.

Oracle uses Apache Struts 2 in several of its products, which is why Tuesday’s critical patch update (CPU) fixed 25 instances of the vulnerability in Oracle Communications, Retail and Financial Services applications, as well as in the MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server and the Siebel E-Billing app.

Oracle Patches 299 Vulnerabilities in April Critical Patch Update

Among the many patches this month are multiple products being updated to fix an Apache Struts vulnerability that was publicly disclosed in March 2017.

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

Oracle released a record 299 patches, including a fix for a Solaris vulnerability disclosed by the ShadowBrokers, and another for the recently disclosed Apache Struts 2 flaw.

IDG Contributor Network: Did Ubuntu dump Unity for cash?

Did Ubuntu dump Unity for money? Canonical dumped GNOME for its own Unity desktop years ago, but now the company has reversed itself and will release Ubuntu 18.04 with GNOME instead of Unity. So why did Canonical give up on Unity? Christine Hall speculates that it all came down to money for Canonical, and she lists the reasons for the company’s shocking switch from Unity to GNOME in Ubuntu 18.04.

Apache Struts 2 Exploits Installing Cerber Ransomware

Attackers are attempting to exploit the recent Apache Struts vulnerability on Windows servers and the payload is a variant of the Cerber ransomware.

After Spark: Ray project tackles real-time machine learning

RISELab, the successor to the U.C. Berkeley group that created Apache Spark, is hatching a project that could replace Spark—or at least displace it for key applications. Ray is a distributed framework designed for low-latency real-time processing, such as machine learning.

Created by two doctoral students at RISELab, Philipp Moritz and Robert Nishihara, it works with Python to run jobs either on a single machine or distributed across a cluster, using C++ for components that need speed. The main aim for Ray, according to an article at Datanami, is to create a framework that can provide better speeds than Spark.
Spark was intended to be faster than what it replaced (mainly, MapReduce), but it still suffers from design decisions that make it difficult to write applications with “complex task dependencies” because of its internal synchronization mechanisms.

VU#307983: Action Message Format (AMF3) Java implementations are vulnerable to insecure...

Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references.

Lazarus Under The Hood

Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.

SAS, Canonical turn silly over open source

Roughly 26 years after Linux pushed open source into mainstream enterprise adoption, we're still debating how big a role open source should play -- at least, some people are. Developers aren't in that group: Open source has become part of the "furn...

MIT-Stanford project uses LLVM to break big data bottlenecks

The more cores you can use, the better -- especially with big data.

But the easier a big data framework is to work with, the harder it is for the resulting pipelines, such as TensorFlow plus Apache Spark, to run in parallel as a single unit. Researchers from MIT CSAIL, the home of envelope-pushing big data acceleration projects like Milk and Tapir, have paired with the Stanford InfoLab to create a possible solution. Written in the Rust language, Weld generates code for an entire data analysis workflow that runs efficiently in parallel using the LLVM compiler framework.

Atlassian admins, your Struts 2 patch has landed

HipChat, Bamboo, and Crowd get fix. Atlassian has joined the growing list of vendors to patch its products against the Apache Struts 2 vulnerability.…

How an open source Gitter could challenge Slack

It sure sounds like a match made in dev heaven. Yesterday, GitLab -- maker of an open source competitor to GitHub -- announced it had acquired Gitter, a Slack-like chat service aimed mainly at software developers.