US-CERT has released an alert regarding vulnerabilities in Apache Struts versions 2.5 through 2.5.14. The Apache Software Foundation has released security bulletins S2-054 and S2-055, which address CVE-2017-15707 and CVE-2017-7525 respectively.
Both issues are in the Struts REST plugin. S2-054 covers a denial of service (DoS) that a remote, unauthenticated attacker can trigger by submitting malicious JSON, because the plugin ships with an outdated JSON-lib library. S2-055 covers a deserialization vulnerability in the Jackson library used by the same plugin, which could allow remote code execution.
US-CERT encourages users and administrators to upgrade to Struts 2.5.14.1, which addresses both bulletins. If your application does not actually use the REST plugin, removing it from the build is a reasonable interim mitigation while the upgrade is scheduled.
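A quick way to find out whether a Maven-built application is in scope is to look for the struts2-rest-plugin dependency and compare its version against the affected range. The script below is an added example, not code from this post, from US-CERT or from the Apache Struts project. The pom.xml it scans is constructed for illustration (including the ${struts2.version} property, which is a common way real projects pin the Struts version); the affected range (2.5 through 2.5.14) and the fixed release (2.5.14.1) come from the bulletins above.

```python
"""Flag Maven projects that pull in the Apache Struts REST plugin at a
version covered by S2-054 / S2-055 (Struts 2.5 through 2.5.14).

Added example for this post; not part of the Apache Struts project.
The pom.xml below is constructed for illustration only.
"""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "2.5.14.1"            # release that addresses both bulletins
AFFECTED_LOW, AFFECTED_HIGH = "2.5", "2.5.14"
STRUTS_GROUP = "org.apache.struts"
REST_PLUGIN = "struts2-rest-plugin"   # the component both bulletins concern

# Constructed sample pom.xml (hypothetical project, not a real one).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <properties>
    <struts2.version>2.5.13</struts2.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts2.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-rest-plugin</artifactId>
      <version>${struts2.version}</version>
    </dependency>
  </dependencies>
</project>
"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def parse_version(version):
    """'2.5.14' -> (2, 5, 14, 0). Padded to four fields so that '2.5'
    compares equal to '2.5.0.0' and '2.5.14.1' sorts above '2.5.14'."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def is_affected(version):
    """True when version lies inside the S2-054 / S2-055 affected range."""
    v = parse_version(version)
    return parse_version(AFFECTED_LOW) <= v <= parse_version(AFFECTED_HIGH)


def struts_dependencies(pom_text):
    """Return {artifactId: resolved version} for org.apache.struts
    dependencies, resolving ${...} references from <properties>."""
    root = ET.fromstring(pom_text)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    found = {}
    for dep in root.findall("m:dependencies/m:dependency", NS):
        group = dep.findtext("m:groupId", default="", namespaces=NS).strip()
        if group != STRUTS_GROUP:
            continue
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        version = dep.findtext("m:version", default="", namespaces=NS).strip()
        # Substitute ${prop}; leave the reference untouched if it is unknown.
        version = re.sub(r"\$\{([^}]+)\}",
                         lambda m: props.get(m.group(1), m.group(0)), version)
        found[artifact] = version
    return found


def check_pom(pom_text):
    """Return a list of findings (empty when nothing is flagged)."""
    deps = struts_dependencies(pom_text)
    findings = []
    if REST_PLUGIN in deps and is_affected(deps[REST_PLUGIN]):
        findings.append(f"{REST_PLUGIN} {deps[REST_PLUGIN]} is in the affected "
                        f"range; upgrade to Struts {FIXED_VERSION}")
    return findings


if __name__ == "__main__":
    for finding in check_pom(SAMPLE_POM) or ["no affected Struts REST plugin found"]:
        print(finding)
```

Only the REST plugin is flagged because that is the component both bulletins name; struts2-core is reported by struts_dependencies so you can see the overall Struts version, but its presence alone is not a finding here. Point check_pom at your own pom.xml files to use it beyond the sample.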
Title: “A Corporate Guide to Surviving Cyberwarfare Through Cyber Resiliency”
My presentation from Hacker Halted – Atlanta, GA – October 9, 2017
Please download (PDF): http://johndjohnson.com/resources/JOHNSON.HHALTED.OCT2017.pdf
Join us for our first Cyber Town Hall along with the Quad Cities Chamber of Commerce, Quad Cities Cybersecurity Alliance and the QC Manufacturing Innovation Hub – For more information and to register:
If you are an InfraGard member, they are sharing a free online training opportunity provided by the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT works to reduce risk within and across all critical infrastructure sectors. Its Virtual Learning Portal (VLP) provides online training for those involved in securing Industrial Control Systems (ICS). Sign in to register for free VLP courses: https://ics-cert-training.inl.
CornCon Kids’ Hacker Camp (The Children of The CornCon) will feature dozens of kid-friendly activities in 2017. These activities range from lock picking and dumpster diving to learning about electronics, coding and blacksmithing. The intention of the kids’ camp is to open kids’ eyes to both the benefits and the vulnerabilities of technology. The camp is held every fall in the Quad Cities, 100 kids at a time.
For the first time, kids at “CornCon 3: The Courne Ultimatum” will be able to “Hack The Pentagon”. This program started as a bug bounty, developed by the DoD to uncover vulnerabilities in its computer systems and web applications. The program uncovered 138 vulnerabilities, and now U.S. Army Cyber Command is sending First Lieutenant Daniel Lim on the road to show kids and adults how bug bounty programs work and the methods penetration testers use to uncover and responsibly report vulnerabilities. Responsible disclosure is key: publicly exposing a vulnerability before the vendor has released a patch for it can lead to malicious attacks.