Attackers Widely Exploiting A Recently Patched Vulnerability In Apache Struts
It is not yet clear why the Apache Struts vulnerability is being exploited so widely 48 hours after a patch was released. One possible reason is that the Apache Struts maintainers didn't sufficiently disclose the risk. Although the team involved in the issue rated the vulnerability's severity as high, they also described it as a "possible remote code execution" hazard.
Public Attacks Exploiting the Apache Struts Vulnerability
According to Arnet, attackers are widely exploiting a newly patched vulnerability in Apache Struts that allows them to remotely execute malicious code on various web servers. The attacks and scans against Apache web servers have ramped up dramatically since Monday, March 6. They began when a vulnerability in Apache Struts was patched and proof-of-concept exploit code was released in a Metasploit module.
"The second someone starts working on a Metasploit module," Craig Williams, manager and senior leader of Cisco's Talos Outreach team, said. He also noted that what happened is a ramp-up in rapid exploitation by a huge number of people, and that it is likely to continue to increase. With that, it is also possible to see people trying to scan for the vulnerability of the web developer.
How Risky Is This Situation?
Threatpost said that attacks on the vulnerability, CVE-2017-5638, are particularly risky for anyone operating their Apache web servers as the root of the development. Williams said that, so far, it is unclear whether an attacker can be harmful or not. However, as with some earlier internet-wide bugs, there are surely a large number of scans happening.
If an attacker modifies a single line of the operating system, the target will still run, but with limited function. Unless the attackers are looking for content, it is easy to miss the malformed content type. Williams also said that the situation is very critical for a firm running an exposed Apache Struts server, especially if it is compromised. "The sky's the limit," Williams said, describing how risky this situation is.