Cyber Updates – 11/03

Hey all,
Here are this week’s cyber updates:

(1) A remote code execution vulnerability (CVE-2017-5638) has been discovered in Apache Struts. The Jakarta Multipart parser doesn’t properly parse the Content-Type header when processing a file upload request, which allows malicious operating system commands to be executed simply by specifying ‘#cmd=(command)’ in the header.

This vulnerability has been exploited in the wild.
Organizations that use Apache Struts are requested to immediately update their web servers.

Here is working exploit code:
https://github.com/rapid7/metasploit-framework/issues/8064

And here are all the details:
https://cwiki.apache.org/confluence/display/WW/S2-045
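
A defensive check for item (1), added here as an example and not taken from the original post or from Apache: it flags requests whose Content-Type header carries the ‘#cmd=’ marker quoted above or does not parse as an ordinary media type. The `%{` and `${` markers (OGNL expression delimiters), the function names and the sample requests are assumptions constructed for illustration.

```python
import re

# Media-type grammar (type/subtype plus optional ;name=value parameters).
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
MEDIA_TYPE = re.compile(
    rf"{_TOKEN}/{_TOKEN}(?:[ \t]*;[ \t]*{_TOKEN}=(?:{_TOKEN}|{_QUOTED}))*[ \t]*"
)
# '#cmd=' is the marker named in the post; '%{' and '${' are added here
# (assumption) because they delimit expressions and never belong in this header.
MARKERS = ("#cmd=", "%{", "${")

def classify_content_type(value):
    """Return 'suspicious', 'malformed' or 'ok' for one Content-Type value."""
    lowered = value.lower()
    if any(marker in lowered for marker in MARKERS):
        return "suspicious"
    if MEDIA_TYPE.fullmatch(value.strip()) is None:
        return "malformed"
    return "ok"

def scan_requests(raw_requests):
    """Return (index, verdict, value) for every non-'ok' Content-Type header."""
    findings = []
    for idx, raw in enumerate(raw_requests):
        head = raw.split("\r\n\r\n", 1)[0]
        for line in head.split("\r\n")[1:]:      # skip the request line
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "content-type":
                verdict = classify_content_type(value)
                if verdict != "ok":
                    findings.append((idx, verdict, value.strip()))
    return findings

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: multipart/form-data; boundary=----abc123\r\n\r\n",
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: #cmd=(command)\r\n\r\n",
    "POST /upload.action HTTP/1.1\r\nHost: app.example\r\n"
    "Content-Type: text/html charset\r\n\r\n",
]

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print(finding)
```

A check like this belongs in front of the application (proxy, WAF or log pipeline) as a stopgap and detection aid; it does not replace updating Struts.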

(2) Verifone’s corporate network has been breached. According to the company, the attack was limited in scope and did not affect its payment services network. However, on January 23rd the company sent an urgent email to all staff and contractors asking them to change their passwords.
It is suggested that Russian hackers have been hacking Verifone since mid-2016, and have been able to compromise pay-at-the-pump credit card readers.

Here are all the details:
https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Stay tuned for more updates,
Dan Gurfinkel
Head of Offensive Security & Response Unit
