Equifax attackers got in through an Apache Struts flaw?

Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to compromise the company’s networks? Equifax has yet to share more details about how the attack was pulled off, but a report by financial services firm Robert W. Baird & Co….

WannaCry: Are you safe?

A few days ago saw the beginning of the Trojan encryptor WannaCry outbreak. It appears to be pandemic — a global epidemic. We counted more than 45,000 cases of the attack in just one day, but the true number is much higher. What happened? Several large organizations reported an infection simultaneously. Among them were several…

New IoT malware targets 100,000 IP cameras via known flaw

Over 100,000 internet-connected cameras may be falling prey to a new IoT malware that’s spreading through recently disclosed vulnerabilities in the products. The malware, called Persirai, has been found infecting Chinese-made wireless cameras since last month, security firm Trend Micro said on Tuesday. The malware does so by exploiting flaws in the cameras that a…

Tens of thousands Windows systems implanted with NSA’s DoublePulsar

Has your Windows machine been implanted with NSA’s DoublePulsar backdoor? If you haven’t implemented the security updates released by Microsoft in March, chances are good that it has. What is DoublePulsar? DoublePulsar is a backdoor implant that enables the injection and running of DLLs – potentially malicious ones – on Windows computers. It was recently…

Exploit revealed for remote root access vulnerability affecting many router models

Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom’s UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured…

Actively Exploited Struts Flaw Affects Cisco Products

Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days. The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP…

Nagios 4.2.4 closes serious root privilege escalation bug

If you’re using Nagios to monitor your systems, networks and infrastructure, and you have not updated to version 4.2.4, you better hop to it. This latest release fixes a high severity root privilege escalation vulnerability (CVE-2016-9566) discovered by researcher Dawid Golunski, who published a proof-of-concept exploit for it on Thursday.

Hacking 3D manufacturing systems demonstrated by researchers

Researchers from three universities combined their expertise to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, illustrating how a cyber attack and malicious manipulation of blueprints can fatally damage production of a device or machine. In their paper titled “Dr0wned,” researchers from Ben-Gurion University of the Negev (BGU), the University…