The Hacker vs. Struts 2 Game – It Appears it has No Ending

The Hacker vs. Struts 2 Game – It Appears it has No Ending

If you’re active in the cybersecurity industry, you have likely heard the buzz about Struts 2 Java framework in 2017. In short, hackers were able to exploit a vulnerable application based on ...
fileless malware

Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

A security researcher disclosed a yet unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...
Security Boulevard
Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available

Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available

Remember how an unpatched flaw in Apache Struts caused one of the biggest data breaches in history? It could happen again, if those using Apache Struts versions 2.3.x or lower fail to ...
Apache Struts, RCEs, and the Equifax Breach Anniversary

Apache Struts, RCEs, and the Equifax Breach Anniversary

We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time ...
MSSP

Cisco Products Receive Patches for Critical Struts Vulnerability

Cisco Systems has released patches for some of its products that use the Apache Struts web development framework and are affected by a recently announced critical vulnerability. The flaw, tracked as CVE-2018-11776, ...
Security Boulevard
Npm Update Crashes Linux Systems

Someone Dropped a Windows Zero-Day Exploit on GitHub

A previously unknown vulnerability that allows attackers to obtain SYSTEM privileges on Windows computers has been publicly disclosed. Someone with the username SandboxEscaper posted a link to a proof-of-concept exploit on Twitter ...
Security Boulevard
Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild

Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild

Organizations relying on the Apache Struts framework should patch their servers ASAP, or at the very least ensure the namespace is always set within their infrastructure, as cybercrooks already have a proof-of-concept ...
Best Practices for Data Security

Critical Vulnerability Patched in Apache Struts

The Apache Struts web development framework has received new security updates to address a critical vulnerability that could allow attackers to compromise web applications and servers. Apache Struts is widely used for ...
Security Boulevard
Black Duck Releases Free Tool to Help You Avoid Becoming the Next Equifax

Black Duck Releases Free Tool to Help You Avoid Becoming the Next Equifax

Equifax recently became headline news for all the wrong reasons when it revealed it had been the victim of a data breach that exposed the sensitive financial history and personal data of ...
ethical hackers

Deloitte Confirms Email Server Compromise

Hackers broke into the email service of professional services giant Deloitte and reportedly accessed confidential messages, usernames, passwords, IP addresses, business diagrams and other information belonging to its clients. The security breach ...
Loading...