- New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild
Security researchers have discovered a zero-day vulnerability in the popular Apache Struts web application framework that is being actively exploited in the wild. Apache Struts is a free, open-source Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, and it supports REST, AJAX, and JSON. According to the researchers, the issue is a remote code execution vulnerability in the Jakarta Multipart parser of Apache Struts that could allow an attacker to execute malicious commands on the server during file uploads handled by that parser. Attackers also attempted to gain persistence on infected hosts by adding a binary to the boot-up routine, according to news published in HackerNews.
Cyber Security Tips: Both Cisco and Apache researchers urge administrators to upgrade their systems to Apache Struts version 2.3.32 or 188.8.131.52 as soon as possible.
- 640,000 Decrypted PlayStation Accounts Being Sold on DarkWeb
A month ago, 10,000 websites were compromised in a cyber-attack by Anonymous and users' data was stolen. According to news published in HackRead, data belonging to a total of 640,000 users is being sold on the dark web. The vendor, who goes by the handle "SunTzu583", is selling 640,000 PlayStation user accounts, stolen from an unknown database, for just USD 35.71 (0.0292 BTC). These accounts contain email addresses along with their clear-text passwords. According to SunTzu583, the database was not directly stolen from PlayStation servers, but it does contain unique accounts of PlayStation users. SunTzu583 goes on to explain that these accounts may also work on other sites, but that they can mainly be used for PlayStation-related activities.
Cyber Security Tips: Users are strongly advised to change their passwords.