Articles
On September 5, 2017, the Apache Struts group released Apache Struts version 2.5.13 to patch the recently discovered critical XML remote code injection vulnerability S2-052. To exploit the vulnerability, a malicious user just needs to send malicious XML code to the vulnerable web server.
Visit the Apache Struts site to upgrade to the newest version, Apache Struts 2.5.13, which contains the patch.
This release contains fixes for the following security vulnerabilities:
On September 7th, 2017, Equifax, the oldest of the three major U.S. credit bureaus, announced that it had been breached. From mid-May through July 29th, attackers had access to certain Equifax data by exploiting a website application vulnerability. The exposed data includes records of 143 million people and consists of names, addresses, birth dates and social security numbers. Additionally, approximately 209,000 credit card numbers were exposed. Due to the high number of U.S. individuals affected by this breach, Equifax has decided to offer complimentary credit card monitoring for all U.S.
On November 28th, a researcher discovered that by going into a Mac's System Preferences and clicking on the Lock icon, it is possible to authenticate as root with a blank password. Researchers later identified that if certain services such as Remote Management or Remote Screen Sharing were previously enabled, an attacker could use this vulnerability to authenticate remotely to the computer and take complete control of the system. Early in the morning of November 29th, Apple released the patch for this vulnerability [1].
On March 28th, 2018, Drupal released a security advisory describing a highly critical remote code execution vulnerability which affects multiple subsystems of Drupal core versions 8, 7, and 6. The advisory did not mention any specific details about the vulnerability, but did specify that exploitation is possible through multiple attack vectors and could result in the complete compromise of a Drupal site. As of yet, there are no known public exploits of this vulnerability; however, an exploit will likely be developed soon.
On April 17th, 2018, Cisco issued a critical SMI vulnerability security advisory relating to the previously issued SMI protocol misuse informational advisory [1]. The newly identified vulnerability can be exploited by a remote unauthenticated attacker by sending crafted SMI packets to an affected device on TCP port 4786, allowing them to execute arbitrary code on the device. Smart Install client functionality is enabled by default on switches which have not been updated to address Cisco BugID CSCvd36820 [2].
On April 25th, 2018, Drupal released a security advisory describing a critical remote code execution vulnerability which affects multiple subsystems of Drupal core versions 7.x and 8.x. The advisory specifies that the vulnerability is related to the highly critical remote code execution vulnerability [1] announced on March 28, 2018, but did not provide any additional details.
Researchers identified a vulnerability that affects all implementations of WPA 1 and 2 [1], which can be used to decrypt sensitive information and, in some cases, inject malicious traffic. As the weakness was identified in the Wi-Fi standard itself, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and many others are all affected by some variant of the attacks.
The UCLA IT Security Office is informing campus units of several high profile, significant vulnerabilities that involve both a hardware level flaw, and a general design flaw in application data protection involving “speculative execution” – a process that optimizes execution of instructions in modern processors (newer than 1995) to improve performance. As a result, applications which should not have direct memory access to data belonging to other applications on the same processing platform are potentially able to access that data.
On Wednesday, May 23rd, the Cisco Talos team released details about a malware campaign dubbed "VPNFilter," with the number of infected network devices estimated at over half a million. The exact exploitation method for devices is unknown; however, Talos suspects that the malware is exploiting well-known vulnerabilities within these devices. Once a device is exploited, it can be used to eavesdrop on traffic and steal website credentials, and it can be rendered unusable.
On Jan 29th, 2018, Cisco released a security bulletin for a Critical Remote Code Execution vulnerability in certain ASA products. The vulnerability affects the SSL VPN functionality of the ASA when the webvpn feature is enabled. By sending crafted XML packets to the webvpn-configured interface of the ASA, an attacker could exploit the vulnerability, allowing them to execute arbitrary code and gain full control of the ASA. Although Cisco is not aware of any malicious use of the vulnerability, an exploit will likely be developed soon.
On Feb 5, 2018, Cisco released an update to their Jan 29th, 2018 security bulletin regarding a Critical Remote Code Execution vulnerability in certain ASA products. Cisco identified that the vulnerability affects the ASA XML parser, rendering numerous additional features vulnerable and making the previous fix incomplete. By sending crafted XML packets to an interface with SSL or IKEv2 Remote Access VPN services enabled, an attacker could exploit the vulnerability, allowing them to execute arbitrary code and gain full control of the ASA.