PoC exploit for critical Apache Struts flaw found online

The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged organizations and developers to upgrade their installations to versions 2.3.3…

Experts Urge Rapid Patching of ‘Struts’ Bug

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside.

Semmle, startup that makes code searchable, hauls in $21M Series B

Semmle, a startup that originally spun out of research at Oxford, announced a $21 million Series B investment today led by Accel Partners. It marked the second time Accel has led an investment in the company. Other investors include Work-Bench, Capital One, Credit Suisse, Google, Microsoft, NASA and Nasdaq Trust. Today’s investment brings the total […]

Apache Struts vulnerability lets hackers execute malicious code on corporate servers

A severe security vulnerability in server software allows hackers to remotely execute malicious code in unpatched software protecting a wide swath of the richest private enterprises in the world. Apache Struts, an open-source framework for developing Java web applications, was discovered to have a remote code execution vulnerability. The flaw was discovered using lgtm, a free software engineering analytics tool launched last year. All web apps using Struts’ REST plugin are vulnerable. The 2.5.13 patch for Struts that addresses the issue, which launched just under two months after first disclosure, was released on Tuesday. Experts recommend patching immediately, but the challenges and typical speed of that process, especially in large enterprises, suggest it could be some time before all the firms involved have secured their systems. “The Struts framework is used by an incredibly large number and variety of organizations,” Man Yue Mo, an lgtm security researcher who discovered the vulnerability, said. “This vulnerability poses a huge risk, because […]

The post Apache Struts vulnerability lets hackers execute malicious code on corporate servers appeared first on Cyberscoop.