Collaborate Disseminate
Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter R… Continue reading Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). About CVE-2023-50164 CVE-2023-50164 may allow an at… Continue reading New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there could be a “lag” between when the flaw became known, and when attackers exploit it. Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that there were months between the discovery of the vulnerability that led to the 2017 Equifax breach, which exposed the personal information of nearly 150 million Americans, and word of the breach itself, invoking one of the most notable hacks in history. “We do expect Log4j to be used in intrusions well into the future,” Easterly said on a call with reporters. “There may be a lag between when this vulnerability is being used and when it is being actively deployed.” Apache Struts, an open-source tool, was at the center of the Equifax breach, and Apache’s Log4j is a ubiquitous open-source logging tool. Easterly said […]
The post If hackers are exploiting the Log4j flaw, CISA says we might not know yet appeared first on CyberScoop.
Continue reading If hackers are exploiting the Log4j flaw, CISA says we might not know yet
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri… Continue reading Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, fortunately, primarily to deliver coin miners. Reported to the Apache Software Foundati… Continue reading Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
By Waqas
Gitpaste-12 uses GitHub and Pastebin for framing the component code and has 12 different attack modules.
This is a post from HackRead.com Read the original post: New worming botnet Gitpaste-12 infecting IoT devices, Linux servers
Continue reading New worming botnet Gitpaste-12 infecting IoT devices, Linux servers
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. Continue reading Gitpaste-12 Worm Targets Linux Servers, IoT Devices
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability (CVE-2019-0230) and PoC exploits for it have been published. About the vulner… Continue reading Potential Apache Struts 2 RCE flaw fixed, PoCs released
A new devilish malware is targeting Windows systems with cryptojacking and DDoS capabilities. Continue reading Self-Propagating Lucifer Malware Targets Windows Systems
The agencies say it’s vital to prioritize patching. Otherwise, we’re making it easy for attackers who don’t have to work at finding 0 days. Continue reading Top 10 most exploited vulnerabilities list released by FBI, DHS CISA