Threat actors have turned to cryptocurrency mining as a reliable way to make a profit in recent months. Cryptocurrency miners use the computing power of end users to mine coins of various kinds, most commonly via malware or compromised websites. By compromising servers in order to run cryptocurrency miners, the threat actors would gain access to more computing power and increase their profits from illicit mining.Read More
Equifax confirmed the attack vector used in its data breach to be CVE-2017-5638, a vulnerability patched last March 2017 via S2-045. The vulnerability was exploited to gain unauthorized access to highly sensitive data of approximately 143 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian consumers. This vulnerability was first disclosed in March, almost immediately followed by publicly available POCs, weaponized exploits, and scanners produced by third parties.
Trend Micro observed thousands of filter events via our intrusion prevention solutions against the filters for this vulnerability since March, and these exploits or enumeration attempts are still being seen. It’s worth noting that Trend Micro customers can leverage these filters to provide a highly effective virtual patch to address critical Apache Struts vulnerabilities until actual software updates are deployed to secure the system.Read More
The Apache Struts framework is useful for building modern Java-based web applications, with two major versions, Apache Struts 1 and Apache Struts 2, released so far. Support for Apache Struts 1 ended in 2008 with the adoption of Apache Struts 2, which reached its first full release at the start of 2007. A Struts 1 plugin is available that allows developer to use existing Struts 1 Actions and ActionForms in Struts 2 web applications. A vulnerability has been found in this plugin that could allow remote code execution on the affected server, if used with Struts 2.3.x. (Versions 2.5.x are not affected.)Read More
Apache Struts is a free and open-source framework used to build Java web applications. We looked into past several Remote Code Execution (RCE) vulnerabilities reported in Apache Struts, and observed that in most of them, attackers have used Object Graph Navigation Language (OGNL) expressions. The use of OGNL makes it easy to execute arbitrary code remotely because Apache Struts uses it for most of its processes.
Using OGNL, a researcher found a new remote code execution vulnerability in Apache Struts 2, designated as CVE-2017-5638. An exploit has been reported to be already in the wild; our own research and monitoring have also seen attacks using the vulnerability.Read More
The recent Internet Explorer and Flash zero-days were not the only zero-day threats that hit recently. Last Friday, the Apache Struts group released an advisory (S2-021) detailing two vulnerabilities (CVE-2014-0112 and CVE-2014-0113), and potential mitigation steps until an official patch is issued. Apache Struts is a framework used to build and deploy Java-based web applications. In Apache…Read More