Security Alerts & News
by Tymoteusz A. Góral

History
#2091 Cisco and Apache issue warnings over 0day flaw being targeted in the wild
Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a number of active attacks.

In an advisory issued on Monday, Apache says the problem with Struts exists within the Jakarta Multipart parser.

"It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to display an error message to a user," the warning explained.
Read more
#2093 Aggressive ad-displaying Google Play app tricks users into leaving high ratings
#2092 Facebook Lite infected with spy FakePlay
#2091 Cisco and Apache issue warnings over 0day flaw being targeted in the wild
#2090 Emsisoft releases a decryptor for the CryptON ransomware
#2089 Another challenge for IoT: Open backdoors
#2088 Apple has already fixed most of the iOS exploits the CIA used
#2087 Leaked docs suggest NSA and CIA behind Equation cyberespionage group
#2086 Vault 7: WikiLeaks docs hint CIA could bypass 21 security products
#2085 China mulls national cryptocurrency in race to digital money
#2084 After CIA leaks, tech giants scramble to patch security flaws
#2083 Product Security Advisory – PSA0002 – dnaLIMS
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12