The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected.

By exploiting this vulnerability, it is possible to perform a Remote Code Execution (RCE) attack.

A set of remote code execution vulnerabilities and other critical vulnerabilities has been discovered within multiple subsystems of Drupal 7.x and Drupal 8.x core. These potentially allow attackers to exploit multiple attack vectors on a site running Drupal, resulting in a complete compromise of the site. As of the writing of this alert, Drupal has not identified a public exploit in the wild yet, but it is safe to say that due to the criticality of the vulnerabilities, website owners should expect possible exploits to be developed and utilized maliciously. Hence, application of the now-released fix is highly recommended.

Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers.

By exploiting this vulnerability, it is possible to perform an RCE attack when the namespace value isn't set for a result defined in the underlying configurations and, at the same time, its upper action(s) configurations have no namespace or a wildcard namespace. The same possibility exists when using a url tag which doesn't have value and action set and, at the same time, its upper action(s) configurations have no namespace or a wildcard namespace.

Cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. Cosmos Co-operative Bank, one of the oldest co-operative banks in Pune, India, has become the latest victim of a cyber attack. The ATM switch system of the bank was hacked and INR 94.42 crore was siphoned off between August 11 and August 13.

FASTCash schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. TechCERT has observed a rise in these kinds of attacks over the last couple of months. In one incident in 2017, attackers enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. In another incident in 2018, attackers enabled cash to be simultaneously withdrawn from ATMs in 23 different countries.

Another Drupal Remote Code Execution vulnerability has been discovered and was made public on April 25th, 2018, making this the 3rd vulnerability and 2nd “Highly Critical Vulnerability” to be disclosed in the last 30 days for the Drupal Core. The vulnerability (CVE-2018-7602) allows an attacker to exploit multiple attack vectors of the subsystems of Drupal 7.x and 8.x, resulting in a complete compromise of the site. There are reports that this vulnerability is currently being exploited in the wild.

A remote code execution vulnerability has been discovered and was made public on March 28th, 2018. It exists within multiple subsystems of Drupal 7.x and Drupal 8.x, potentially allowing attackers to exploit multiple attack vectors on a site running Drupal, resulting in a complete compromise of the site. The vulnerability has been assigned the identifier CVE-2018-7600. As of the writing of this alert, Drupal has not identified a public exploit in the wild yet, but it is safe to say that due to the criticality of the vulnerability, users should expect possible exploits to be developed and utilised maliciously. Hence, application of the now-released fix is strongly recommended.

It has been confirmed that newly discovered flaws in Intel processors at the hardware level could allow programs to steal data from running applications. Normally, programs are not allowed to read data from other programs. However, malware exploiting these new vulnerabilities can get data from the memory of currently running programs. This includes confidential information such as business-critical documents, passwords, login details, encryption keys, etc. The vulnerabilities have been named Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).

WordPress is a very popular open source software used by bloggers and millions of websites. A new security update, WordPress 4.8.3, has been released, which addresses a potential SQL injection vulnerability. This update was released on October 31st and is available for public download.

BlueBorne is an attack vector that can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode.
