Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability.
Link: https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnerability/136921/
Tag: Vulnerabilities
Mirai Variant Cross-Compiles Attack Code with Aboriginal Linux
The approach makes Mirai executable on a wide variety of disparate IoT devices and platforms from a single server.
Link: https://threatpost.com/mirai-variant-cross-compiles-attack-code-with-aboriginal-linux/136906/
T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API
T-Mobile alerts millions of its customers to a breach of its website that resulted in subscriber names, zip codes, phone numbers, email addresses and account numbers being stolen.
Link: https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
Cross-Site Scripting Flaw in Apache ActiveMQ Threatens Web Visitors
With the malicious code embedded into websites, the attacker can then piggyback on the trust level of the website and launch a variety of attacks.
Link: https://threatpost.com/cross-site-scripting-flaw-in-apache-activemq-threatens-web-visitors/136888/
ThreatList: $1.1M is Lost to Cybercrime Every Minute of Every Day
Every minute, there are also 5,518 records leaked from publicly disclosed incidents.
Link: https://threatpost.com/threatlist-1-1m-is-lost-to-cybercrime-every-minute-of-every-day/136871/
Apache Struts 2 Flaw Uncovered: ‘More Critical Than Equifax Bug’
Apache has patched a critical remote code-execution vulnerability in Struts 2, and users should update immediately.
Link: https://threatpost.com/apache-struts-2-flaw-uncovered-more-critical-than-equifax-bug/136850/
Security and Artificial Intelligence: Hype vs. Reality
Bridging the divide between hype and reality when it comes to what artificial intelligence and machine learning can do to help protect a business.
Link: https://threatpost.com/security-and-artificial-intelligence-hype-vs-reality/136837/
Unpatched Ghostscript Flaws Allow Remote Takeover of Systems
A remote, unauthenticated attacker could execute arbitrary commands on systems with the privileges of the Ghostscript code.
Link: https://threatpost.com/unpatched-ghostscript-flaws-allow-remote-takeover-of-systems/136800/
Researchers Blame ‘Monolithic’ Linux Code Base for Critical Vulnerabilities
With an OS design based on a verified microkernel, researchers contend almost all Linux OS flaws could be mitigated to less than critical severity.
Link: https://threatpost.com/researchers-blame-monolithic-linux-code-base-for-critical-vulnerabilities/136785/
Adobe Patches Critical Photoshop Flaws in Unscheduled Update
The two vulnerabilities are critical remote code execution flaws that exist in Adobe Photoshop CC.
Link: https://threatpost.com/adobe-patches-critical-photoshop-flaws-in-unscheduled-update/136765/