- Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
Apache Struts is a free, open-source Model-View-Controller (MVC) framework for developing web applications in the Java programming language; it supports REST, AJAX, and JSON. Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework that allows a remote attacker to run malicious code on affected servers. According to the researcher, the vulnerability (CVE-2017-9805) is a programming blunder in the way Struts processes data from an untrusted source: specifically, the Struts REST plugin fails to properly handle XML payloads when deserializing them. All versions of Apache Struts since 2008 (from Struts 2.5 to Struts 2.5.12) are affected, leaving every web application that uses the framework's REST plugin exposed to remote attackers. To exploit this vulnerability, an attacker needs to submit malicious XML in a particular format to trigger it on the targeted server. Successful exploitation could allow an attacker to take full control of the affected server and, from there, move on to other systems on the same network. The vulnerability has been patched in version 2.5.13.
Cyber Security Tips: Administrators are strongly advised to upgrade their Apache Struts installation as soon as possible.
- Taringa hacked; 28M accounts stolen
Taringa!, a Reddit-like social network for Latin American users, has a user base of millions of registered members according to Taringa's own metrics, who create and share thousands of posts daily on general-interest topics such as life hacks, tutorials, recipes, reviews, and art. The site has suffered a massive data breach in which 28 million registered user accounts have been stolen. According to the report, 28,722,877 records in total were taken from the site, including usernames, email addresses, and passwords hashed with the MD5 algorithm, which are considered trivial to crack. It is unclear how LeakBase obtained the database or who was behind the breach. During the investigation, it was found that the most common email domains are @Hotmail and @Gmail, while the most used passwords are 12345678, Taringa, Metallica, Musica, Carolina, and America.
Cyber Security Tips: Taringa users are strongly recommended to reset their password as soon as possible, keep an eye on their email account, avoid clicking on suspicious links, and always use a strong password.
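As an added illustration of why the MD5-hashed passwords in this leak are considered trivial to crack (example code written for this digest, not from Taringa or the report): the password list is the one quoted above, the "leaked" hashes are constructed from it, and the salted scrypt storage shown alongside is the defensive alternative that makes the same precomputed-table approach useless.

```python
import hashlib
import hmac
import os

# Constructed sample: the most common passwords reported in the Taringa leak,
# stored as unsalted MD5 hex digests the way the breached database did.
COMMON_PASSWORDS = ["12345678", "Taringa", "Metallica", "Musica", "Carolina", "America"]


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(wordlist) -> dict:
    """Precompute md5(word) -> word. Unsalted MD5 has no per-user variation,
    so one small table recovers every user who picked a word from the list."""
    return {md5_hex(w): w for w in wordlist}


def recover_from_md5(hashes, wordlist) -> dict:
    """Return {hash: password} for every leaked hash that appears in the table."""
    table = build_lookup(wordlist)
    return {h: table[h] for h in hashes if h in table}


# Defensive alternative: a random per-user salt plus a slow, memory-hard KDF
# (scrypt from the standard library). The same password yields a different
# record for every user, so no precomputed table applies, and each guess
# costs real CPU and memory instead of one cheap MD5 call.
def scrypt_hash(password: str, salt: bytes = b"") -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, maxmem=2**26, dklen=32)
    return salt, digest


def scrypt_verify(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(scrypt_hash(password, salt)[1], digest)


def demo() -> tuple:
    # Constructed breach: three users who chose passwords from the common list.
    leaked = [md5_hex("Taringa"), md5_hex("Metallica"), md5_hex("12345678")]
    cracked = recover_from_md5(leaked, COMMON_PASSWORDS)  # all three recovered instantly
    # Same password stored with scrypt: two users with "Taringa" get different records.
    s1, d1 = scrypt_hash("Taringa")
    s2, d2 = scrypt_hash("Taringa")
    return len(cracked), d1 != d2, scrypt_verify("Taringa", s1, d1), scrypt_verify("Musica", s1, d1)


if __name__ == "__main__":
    print(demo())  # (3, True, True, False)
```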
- Abbott pacemaker recall: 465,000 devices vulnerable to possible hacking
A manufacturer of pacemakers has issued a voluntary recall over the possibility that the devices could be hacked. The 465,000 Abbott pacemakers covered by the recall will be updated with new software to correct the vulnerabilities, according to NBC New York. The company said that users who have not updated their devices remain vulnerable to cyber-attack: attackers could target the devices through the vulnerabilities present, and successful exploitation could allow an attacker to take control of the device. There have been no reports of unauthorized access to any implanted devices, according to NBC, and hacking them would require a highly complex set of circumstances.
Cyber Security Tips: Users are strongly recommended to update their devices as soon as possible.