Category: Exploits & Attacks

January 23rd, 2018 by John

Posted in Exploits & Attacks, Infosec

January 17th, 2018 by John

IAPP (morning newsletter) suggests companies may back off from bug bounties due to Uber leak – that just moves us in the WRONG direction. We can’t ignore vulns for a year and then blame the hacker. Companies need to do whatever works for them to uncover vulns and take a risk-based approach to close them.

Posted in Data Breaches, Exploits & Attacks

January 3rd, 2018 by John

Posted in Exploits & Attacks, Infosec

January 2nd, 2018 by John

Posted in Exploits & Attacks, Infosec, Supply Chain

December 6th, 2017 by John

US-CERT has released a security update regarding a vulnerability in Apache Struts versions 2.5 to 2.5.14. The Apache Software Foundation released Apache Security Bulletins S2-054 and S2-055, which respectively address CVE-2017-15707 and CVE-2017-7525.

The vulnerabilities could allow a remote, unauthenticated attacker to perform a denial-of-service (DoS) attack by submitting malicious JSON data. The vulnerable systems use an outdated JSON-lib library with the Struts REST plugin.

US-CERT encourages users and administrators to upgrade to Struts 2.5.14.1.

Posted in Exploits & Attacks, Infosec

June 12th, 2017 by John

Security researchers at Check Point have claimed that a single piece of adware is infecting as many as 250 million PCs worldwide.

Posted in Exploits & Attacks, Infosec