HackDig : Dig high-quality web security articles for hacker

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers ini
Publish At:2017-09-30 15:56 | Read:2403 | Comments:0 | Tags:Other apache struts cve-2017-5638 Equifax breach mastercard

a-PATCH-e: Struts Vulnerabilities Run Rampant

by Steve Povolny. Equifax confirmed the attack vector used in its data breach to be CVE-2017-5638, a vulnerability patched in March 2017 via S2-045. The vulnerability was exploited to gain unauthorized access to highly sensitive data of approximately 143 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian consumers. This vulnerability was f
Publish At:2017-09-22 02:45 | Read:3669 | Comments:0 | Tags:Exploits Vulnerabilities Apache Struts CVE-2017-5638 CVE-201

Examining CVE-2017-9791: New Apache Struts Remote Code Execution Vulnerability

By Govind Sarda (Vulnerability Research). The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plu
Publish At:2017-07-13 12:15 | Read:2141 | Comments:0 | Tags:Vulnerabilities Apache Struts Vulnerability

Oracle patch update for April 2017 also fixed Struts and Shadow Brokers exploits

Oracle patch update for April 2017 fixed a record number of vulnerabilities, including Apache Struts and Shadow Brokers exploits. Oracle has released security updates to fix flaws in its product, including Apache Struts and a Solaris exploit included in a dump leaked by the Shadow Brokers hackers and containing NSA documents and hacking tools. The Oracle
Publish At:2017-04-20 04:35 | Read:2343 | Comments:0 | Tags:Breaking News Hacking Apache Struts Oracle Oracle patch upda

Cisco warns of two critical issues in IOS and Apache Struts

Cisco issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, another for a flaw affecting Apache Struts 2. Today Cisco issued two “critical” security advisories, the first one for Cisco IOS and Cisco IOS XE Software, the second one for the recently discovered flaw affecting Apache Struts 2. The vulnerability in Cisco IOS affe
Publish At:2017-04-17 02:55 | Read:2658 | Comments:0 | Tags:Breaking News Hacking Apache Struts CVE-2017-5638 RCE zero-D

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2

Canada Revenue Agency confirmed it shut down its website for filing federal taxes due to a cyber attack leveraging the CVE-2017-5638 flaw in Apache Struts 2. The Canada Revenue Agency (CRA) confirmed it shut down its website for filing federal taxes after hackers broke into the server at the nation’s statistics bureau. The security breach occurred last
Publish At:2017-03-14 12:30 | Read:3404 | Comments:0 | Tags:Breaking News Hacking Apache Struts Apache Struts 2 Canada R

CVE-2017-5638: Apache Struts 2 Vulnerability Leads to Remote Code Execution

Apache Struts is a free and open-source framework used to build Java web applications. We looked into several past Remote Code Execution (RCE) vulnerabilities reported in Apache Struts, and observed that in most of them, attackers have used Object Graph Navigation Language (OGNL) expressions. The use of OGNL makes it easy to execute arbitrary code remotely b
Publish At:2017-03-10 01:15 | Read:2905 | Comments:0 | Tags:Exploits Vulnerabilities Apache Struts CVE-2017-5638 Remote

Patch Apache Struts 2 Now! Hackers are exploiting a remote code execution zero-day in the wild

Researchers have spotted a remote code execution zero-day in Apache Struts 2; the flaw is being exploited by threat actors in the wild. Security researchers have spotted a remote code execution zero-day, tracked as CVE-2017-5638, in Apache Struts 2, and the bad news is that threat actors in the wild are already exploiting it. According to the experts
Publish At:2017-03-09 18:50 | Read:2936 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Apache Struts CVE-2017-563

IptabLes and IptabLex botnet targeting Linux servers to run large-scale DDoS attacks

Experts at Akamai-Prolexic discovered a botnet dubbed IptabLes and IptabLex that infects and exploits poorly-maintained Linux servers to run DDoS attacks. Akamai’s Prolexic division has uncovered a new botnet dubbed IptabLes and IptabLex, which was used in a series of attacks targeting malware based on Linux servers. The exper
Publish At:2014-09-05 05:20 | Read:2547 | Comments:0 | Tags:Cyber Crime Hacking Akamai Apache Struts botnet Cybercrime D
