Weekly Blaze – Malware-Less Email Attacks, Equifax Breach Updates, Vizio Class Action Lawsuit

This is the Shared Security Weekly Blaze for September 17, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions and Silent Pocket. This episode was hosted by …

Microsoft, Equifax, MacOS, and Bug Bounties – Application Security Weekly #31

U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health. News Bugs, Breaches, and More! 1.) U.S. Governm…

In a Few Days, Credit Freezes Will Be Fee-Free

Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you’ve been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or because you believe it’s just not worth the hassle. If that accurately describes your views on the matter, this post may well change your mind.

Critical Apache Struts flaw just waiting to be exploited; PoC reported in the wild

Organizations relying on the Apache Struts framework should patch their servers ASAP, or at the very least ensure the namespace is always set within their infrastructure, as cybercrooks already have a proof-of-concept (PoC) at their disposal. A critica…

CVE-2018-11776: New Critical Struts Flaw Could Be Worse than Equifax

A new vulnerability has been uncovered – the kind that could turn out worse than the one that triggered the Equifax breach. The vulnerability has been identified as CVE-2018-11776, residing in Apache Struts’ core functionality. It is a remo…

New critical vulnerability exposes Apache Struts instances to remote attacks

A critical remote code execution vulnerability in Apache Struts, a popular open source web application software framework, allows hackers to take over targeted machines in attacks. The vulnerability (CVE-2018-11776) impacts the software, which is used by an estimated 65 percent of Fortune 100 companies and growing. Tuesday’s vulnerability is credited to insufficient validation of untrusted user data in the core of Struts.

The announcement provoked a worried response from information security experts:

100% reliable RCE that where vulnerable targets are probably enumerable via Shodan… PATCH THIS. https://t.co/xj6yJjyjtk — Dino A. Dai Zovi (@dinodaizovi) August 22, 2018

The new Struts vulnerability was identified in April by Man Yue Mo from the Semmle Security Research Team. It was patched in June and publicly announced on Tuesday. Apache Struts users are urged to patch immediately. “Critical remote code execution vulnerabilities like the one that affected Equifax and the one we announced today are […]

The post New critical vulnerability exposes Apache Struts instances to remote attacks appeared first on Cyberscoop.


Credit Card Issuer TCM Bank Leaked Applicant Data for 16 Months

TCM Bank, a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018.

TCM is a subsidiary of Washington, D.C.-based ICBA Bancard Inc., which helps community banks provide a credit card option to their customers using bank-branded cards.

Human Resources Firm ComplyRight Breached

Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information — including names, addresses, phone numbers, email addresses and Social Security numbers — from tax forms submitted by the company’s thousands of clients on behalf of employees.

Pompano Beach, Fla-based ComplyRight began mailing breach notification letters to affected consumers late last week, but the form letters are extremely vague about the scope and cause of the breach. Indeed, many readers who received these letters wrote to KrebsOnSecurity asking for more information, as the company hadn’t yet published any details about the breach on its Web site. Also, most of those folks said they’d never heard of ComplyRight and could not remember ever doing business with a company by that name.