securityXspace: a blog about cyber-philosophy.

On Friday, Cisco confirmed that at least some of its products are affected by an Apache Struts 2 command execution vulnerability tracked as CVE-2017-5638. The CVE-2017-5638 remote code execution zero-day has been exploiting by attackers in the wild, it affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. Source: The CVE-2017-5638 Apache Struts 2…

After CIA leak, Intel Security releases CHIPSEC, a detection tool for EFI rootkits that detect rogue binaries inside the computer firmware. A few days ago, WikiLeaks announced it is working with software makers to fix the zero-day flaws in Vault7 dump that impacted their products and services. Source: CHIPSEC, Intel Security releases detection tool also…

The UK publishing arm of Rupert Murdoch’s News Corp deleted 20 million emails in 2010 and 2011 as investigations into illegal phone hacking by journalists gathered pace, according to new evidence in a lawsuit that could cast a shadow on the takeover of pay TV provider Sky . Source: Rupert Murdoch’s News Corp erased 20…

A researcher claims that almost 200,000 shoddily made IP cameras could be an easy target for attackers looking to spy, brute force them or steal their credentials. Source: Hundreds of Thousands of Vulnerable IP Cameras Easy Target for Botnet, Researcher Says

Palo Alto Networks discovered a new strain of ransomware, dubbed RanRan ransomware, that has been used in targeted attacks in Middle East. Malware researchers at Palo Alto Networks have spotted a new strain of ransomware, dubbed RanRan , that has been used in targeted attacks against government organizations in the Middle East. “Recently, Unit 42…

District Administration How schools outsmart the hackers District Administration Another major threat is distributed denial of service (DDoS) attacks, in which a hacker intentionally crashes a network. There have been numerous incidents of students paying hackers (sometimes as little as $20) to stage such attacks on school networks … Source: How schools outsmart the hackers

The seller that goes online with moniker SunTzu583 is offering 640,000 PlayStation accounts for USD 35.71 (0.0292 BTC), it source is still a mystery. The dark web is the right place where to buy stolen login credentials to major web services, last week the colleagues at HackRead reported the sale of more than 1 million…

Ars Technica Critical vulnerability under “massive” attack imperils high-impact sites Ars Technica The payloads include “IRC bouncers,” which allow the attackers to hide their real IP address during Internet chats; denial-of-service bots; and various other packages that conscript a server into a botnet. “These are several of the many examples of … and more »…

Researchers have spotted a remote code execution zero-day in Apache Struts 2, the flaw has being exploiting by that threat actors in the wild. Security researchers have spotted a remote code execution zero-day, tracked as CVE-2017-5638, in Apache Struts 2, and the bad news is that threat actors in the wild are already exploiting it.…

Mozilla patches 28 security vulnerabilities and protects users from entering their sensitive information on insecure webpages. Source: Firefox 52 warns when you try to enter passwords on non-encrypted websites