this week that they ’ ve releasedVulnerability-related.PatchVulnerabilitya preliminary fix for a vulnerability rated important , and present inVulnerability-related.DiscoverVulnerabilityall supported versions of Windows in circulation ( basically any client or server version of Windows from 2008 onward ) . The flaw affectsVulnerability-related.DiscoverVulnerabilitythe Credential Security Support Provider ( CredSSP ) protocol , which is used in all instances of Windows ’ Remote Desktop Protocol ( RDP ) and Remote Management ( WinRM ) . The vulnerability , CVE-2018-0886 , could allow remote code execution via a physical or wifi-based Man-in-the-Middle attack , where the attacker stealsAttack.Databreachsession data , including local user credentials , during the CredSSP authentication process . Although Microsoft saysVulnerability-related.DiscoverVulnerabilitythe bug has not yet been exploitedVulnerability-related.DiscoverVulnerability, it could cause serious damage if left unpatched . RDP is widely used in enterprise environments and an attacker who successfully exploitsVulnerability-related.DiscoverVulnerabilitythis bug could use it to gain a foothold from which to pivot and escalate . It ’ s also popular with small businesses who outsource their IT administration and , needless to say , an attacker with an admin account has all the aces . Security researchers at Preempt sayVulnerability-related.DiscoverVulnerabilitythey discovered and disclosedVulnerability-related.DiscoverVulnerabilitythis vulnerability to Microsoft last August , and Microsoft has been working since then to createVulnerability-related.PatchVulnerabilitythe patch releasedVulnerability-related.PatchVulnerabilitythis week . Now it ’ s out there , it ’ s a race against time to make sure you aren ’ t an easy target for an attacker who wants to try and kick the tires on this vulnerability . Obviously , patch as soon as possible and please follow Microsoft ’ s guidance carefully : Mitigation consists of installing the update on all eligible client and server operating systems and then using included Group Policy settings or registry-based equivalents to manage the setting options on the client and server computers . We recommend that administrators apply the policy and set it to “ Force updated clients ” or “ Mitigated ” on client and server computers as soon as possible . These changes will require a reboot of the affected systems . Pay close attention to Group Policy or registry settings pairs that result in “ Blocked ” interactions between clients and servers in the compatibility table later in this article . Both the “ Force updated clients ” and “ Mitigated ” settings prevent RDP clients from falling back to insecure versions of CredSSP . The “ Force updated clients ” setting will not allow services that use CredSSP to accept unpatched clients but “ Mitigated ” will .
A severe WordPress vulnerability which has been left a year without being patchedVulnerability-related.PatchVulnerabilityhas the potential to disrupt countless websites running the CMS , researchers claimVulnerability-related.DiscoverVulnerability. At the BSides technical cybersecurity conference in Manchester on Thursday , Secarma researcher Sam Thomas saidVulnerability-related.DiscoverVulnerabilitythe bug permits attackers to exploit the WordPress PHP framework , resulting in a full system compromise . If the domain permits the upload of files , such as image formats , attackers can upload a crafted thumbnail file in order to trigger a file operation through the `` phar : // '' stream wrapper . In turn , the exploit triggers eXternal Entity ( XXE -- XML ) and Server Side Request Forgery ( SSRF ) flaws which cause unserialization in the platform 's code . While these flaws may only originally result in information disclosure and may be low risk , they can act as a pathway to a more serious remote code execution attack . The security researcher saysVulnerability-related.DiscoverVulnerabilitythe core vulnerability , which is yet to receive a CVEVulnerability-related.DiscoverVulnerabilitynumber , is within the wp_get_attachment_thumb_file function in /wpincludes/post.php and when attackers gain control of a parameter used in the `` file_exists '' call , '' the bug can be triggered . Unserialization occurs when serialized variables are converted back into PHP values . When autoloading is in place , this can result in code being loaded and executed , an avenue attackers may exploit in order to compromise PHP-based frameworks . `` Unserialization of attacker-controlled data is a known critical vulnerability , potentially resulting in the execution of malicious code , '' the company says . The issue of unserialization was first uncoveredVulnerability-related.DiscoverVulnerabilityback in 2009 , and since then , vulnerabilities have been recognizedVulnerability-related.DiscoverVulnerabilityin which the integrity of PHP systems can be compromised , such as CVE-2017-12934 , CVE-2017-12933 , and CVE-2017- 12932 . The WordPress content management system ( CMS ) is used by millions of webmasters to manage domains , which means the vulnerability potentially has a vast victim pool should the flaw being exploitedVulnerability-related.DiscoverVulnerabilityin the wild . `` I 've highlighted that the unserialization is exposed to a lot of vulnerabilities that might have previously been considered quite low-risk , '' Thomas explainde . `` Issues which they might have thought were fixedVulnerability-related.PatchVulnerabilitywith a configuration change or had been considered quite minor previously might need to be reevaluated in the light of the attacks I demonstrated . '' According to Secarma , the CMS provider was made awareVulnerability-related.DiscoverVulnerabilityof the security issue in February 2017 , but `` is yet to take action . '' TechRepublic : The need for speed : Why you should optimize your CMS Technical details have been provided in a white paper ( .PDF ) . `` This research continues a worrying recent trend , in demonstrating that object ( un ) serialization is an integral part of several modern languages , '' Thomas said . `` We must constantly be aware of the security impact of such mechanisms being exposed to attackers . '' No reports have been received which suggest the exploit is being actively used in the wild . The vulnerability was originally reportedVulnerability-related.DiscoverVulnerabilitythrough the WordPress HackerOne bug bounty program last year . The issue was confirmedVulnerability-related.DiscoverVulnerabilityafter several days and Thomas was credited for his findings . However , a Secarma spokesperson told ZDNet that while there was `` some attempt to fixVulnerability-related.PatchVulnerabilitythe issue '' in May 2017 , this did not addressVulnerability-related.PatchVulnerabilitythe problem . `` Communication then went dead for a number of months and has only recently begun again , '' the spokesperson added . ZDNet has reached out to WordPress and will update if we hear back .
Cisco has resolvedVulnerability-related.PatchVulnerabilitya set of critical vulnerabilities in Policy Suite which permit attackers to cause havoc in the software 's databases . This week , the tech giant releasedVulnerability-related.PatchVulnerabilitya security advisory detailing four vulnerabilities which could place enterprise users at risk of information leaks , account compromise , database tampering , and more . The first vulnerability , CVE-2018-0374 , has earned a CVSS base score of 9.8 . Described asVulnerability-related.DiscoverVulnerabilityan unauthenticated bypass bug , the security flaw `` could allow an unauthenticated , remote attacker to connect directly to the Policy Builder database , '' according to Cisco . The bug has been caused by a simple lack of authentication and as there is no requirement for identity verification , Policy Builder databases can be accessed and tampering with without limitation . Cisco Policy Suite releases prior to 18.2.0 are affectedVulnerability-related.DiscoverVulnerability. The second vulnerability , CVE-2018-0375 , is a default password error . The CVSS 9.8 bug is present inVulnerability-related.DiscoverVulnerabilitythe Cluster Manager of Cisco Policy Suite and could allow an unauthenticated , remote attacker to log in to a vulnerable system using a root account . The serious security problem has emergedVulnerability-related.DiscoverVulnerabilitydue to the use of undocumented , static user credentials for root accounts . If a hacker has knowledge of these credentials , they can become a root user and are able to execute arbitrary commands . Versions of the software prior to 18.2.0 are vulnerableVulnerability-related.DiscoverVulnerabilityto exploit . The third bug , CVE-2018-0376 , is another unauthenticated access problem and is also caused by a lack of authentication measures . `` A successful exploit could allow the attacker to make changes to existing repositories and create new repositories , '' Cisco saysVulnerability-related.DiscoverVulnerability. Cisco Policy Suite versions prior to 18.2.0 are affectedVulnerability-related.DiscoverVulnerability. The fourth security flaw , CVE-2018-0377 , affectsVulnerability-related.DiscoverVulnerabilitythe Open Systems Gateway initiative ( OSGi ) interface of Cisco Policy Suite . There is a lack of authentication within the OSGi interface which permits attackers to circumvent security processes and directly connect to the interface , access any files contained within they wish , and modify any content which is accessible through the process . This vulnerability impactsVulnerability-related.DiscoverVulnerabilityPolicy Suite versions prior to 18.1.0 . There are no workarounds to circumvent these vulnerabilities . However , patches have been issued to addressVulnerability-related.PatchVulnerabilitythem and Cisco says that no reports have been received which indicate the bugs are being exploitedVulnerability-related.DiscoverVulnerabilityin the wild . In addition , Cisco has revealedVulnerability-related.DiscoverVulnerabilityseven now-patched bugs affectingVulnerability-related.DiscoverVulnerabilitySD-WAN solutions . The vulnerabilities included command injection security flaws , a remote code execution bug , and arbitrary file overwrite issues .
Some medical devices , smartphones and internet of things gadgets contain certain types of sensors that are vulnerableVulnerability-related.DiscoverVulnerabilityto potential hacking using sound waves , saysVulnerability-related.DiscoverVulnerabilitycybersecurity researcher Kevin Fu . `` This is now a risk that all manufacturers should be aware of , and in their hazard analysis , it has to be a part of their cybersecurity risk management , '' says Fu , explaining findings of a recent research study conducted by the University of Michigan and the University of South Carolina . The microelectromechanical systems - or MEMS accelerometers - that the research team foundVulnerability-related.DiscoverVulnerabilityto contain these vulnerabilities - are sensors used in various devices to measure acceleration or velocity , and then report those readings to a microprocessor . `` What we looked atVulnerability-related.DiscoverVulnerabilitywas the ability to trick these sensors into delivering false readings to the microprocessor by using sound waves , '' he says in an interview with Information Security Media Group . `` What medical devices contain these sensors is still an open question . The main hazard of this sound wave vulnerability is the threat to the integrity and availability of the sensor , he explainsVulnerability-related.DiscoverVulnerability. Prior studies by other researchers had foundVulnerability-related.DiscoverVulnerabilitythat sound waves can be used to disable these sensors . `` What 's new here is that it is now known that one can actually damage the integrity of the reading , '' he says . `` If you were trusting this reading to do something automated , such as rate-adapt a pacemaker , perhaps based on changing activity of a patient , you now need a second way to verify the integrity of that reading . '' The study lists 20 accelerometers for which the researchers were able to change the output of the sensors using sound waves , Fu says . `` In some devices , we found that there is a speaker built in right next to the sensor , which means there is a remote ability to cause these changes without an adversary being near the chip . '' Fu recommends that manufacturers assess the researchers ' list of accelerometers that contain the sound wave vulnerability `` and ask [ suppliers ] for specific parameters , including the resident frequencies , to understand the risks and mitigations .
There was a caveat to the hack , however—the hijack involved older models of Samsung TVs and required the CIA have physical access to a TV to install the malware via a USB stick . But the window to this sort of hijacking is far wider than originally thought because a researcher in Israel has uncoveredVulnerability-related.DiscoverVulnerability40 unknown vulnerabilities , or zero-days , that would allow someone to remotely hack millions of newer Samsung smart TVs , smart watches , and mobile phones already on the market , as well as ones slated for future release , without needing physical access to them . The security holes are inVulnerability-related.DiscoverVulnerabilityan open-source operating system called Tizen that Samsung has been rolling out in its devices over the last few years . It already has Tizen running on some 30 million smart TVs , as well as Samsung Gear smartwatches and in some Samsung phones in a limited number of countries like Russia , India and Bangladesh—the company plans to have 10 million Tizen phones in the market this year . Samsung also announced earlier this year that Tizen would be the operating system on its new line of smart washing machines and refrigerators too . But the operating system is riddledVulnerability-related.DiscoverVulnerabilitywith serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices , according to Israeli researcher Amihai Neiderman . A Samsung Z1 with the Tizen operating system on display at the Mobile World Congress 2015 in Barcelona , Spain . But one security hole Neiderman uncoveredVulnerability-related.DiscoverVulnerabilitywas particularly critical . It involves Samsung 's TizenStore app—Samsung 's version of Google Play Store—which delivers apps and software updates to Tizen devices . Neiderman saysVulnerability-related.DiscoverVulnerabilitya flaw in its design allowed him to hijack the software to deliver malicious code to his Samsung TV . Because the TizenStore software operates with the highest privileges you can get on a device , it 's the Holy Grail for a hacker who can abuse it . `` You can update a Tizen system with any malicious code you want , '' he says . Although TizenStore does use authentication to make sure only authorized Samsung software gets installed on a device , Neiderman foundVulnerability-related.DiscoverVulnerabilitya heap-overflow vulnerability that gave him control before that authentication function kicked in . Although researchers have uncoveredVulnerability-related.DiscoverVulnerabilityproblems with other Samsung devices in the past , Tizen has escaped extensive scrutiny from the security community , probably because it 's not widely used on phones yet . It did n't take long for Neiderman to noticeVulnerability-related.DiscoverVulnerabilityhow bad the Tizen code was on his TV , which caused him to purchase a few Tizen phones to see what he could do with them as well . He says much of the Tizen code base is old and borrows from previous Samsung coding projects , including Bada , a previous mobile phone operating system that Samsung discontinued . `` You can see that they took all this code and tried to push it into Tizen , '' Neiderman says . But most of the vulnerabilities he foundVulnerability-related.DiscoverVulnerabilitywere actually in new code written specifically for Tizen within the last two years . Many of them are the kind of mistakes programmers were making twenty years ago , indicating that Samsung lacks basic code development and review practices to prevent and catch such flaws . But there 's a basic flaw in it whereby it fails to check if there is enough space to write the data , which can create a buffer overrun condition that attackers can exploit . A buffer overrun occurs when the space to which data is being written is too small for the data , causing the data to write to adjacent areas of memory . A Tizen stand at the at the Mobile World Congress 2015 in Barcelona , Spain . They use it on some data transmissions but not others , and usually not on ones that need it most . `` They made a lot of wrong assumptions about where they needed encryption , '' he says , noting that `` it 's extra work to move between secure connections and unsecure connections . '' This indicates that they did n't do it inadvertently but were making conscious decisions not to use SSL in those places , he says . Neiderman contacted Samsung months ago to reportVulnerability-related.DiscoverVulnerabilitythe problems he foundVulnerability-related.DiscoverVulnerabilitybut got only an automated email in response .
Samsung , being a large multinational company , makes a lot of products spread across various spheres of life and marketed to diverse segments in a multitude of countries . Over here on XDA-Developers , Samsung is famously known for their Android smartphones and tablets , given they are some of the top contenders for their respective product categories . Samsung also makes many more interesting electronics , including a few “ smart ” ones that run on its own open-source OS , Tizen OS . Tizen powers Samsung products like smart TVs , smartwatches like the Gear series and even mobile phones like the Samsung Galaxy Z lineup . Samsung is seeking to expand the Tizen offerings to more products and more markets , as is evident from the expansion of the Galaxy Z smartphones and the Gear smartwatches . As security researcher Amihai Neiderman of Equus Software mentionedVulnerability-related.DiscoverVulnerabilityto Motherboard , Samsung ’ s Tizen OS has as many as 40 zero-day vulnerabilities still active and posing threat to the security of the operating system . These vulnerabilities allow someone to remotely hack “ millions ” of newer Samsung smart TVs , smartwatches and mobile phones , both already on the market as well as ones slated for future release as Samsung does not knowVulnerability-related.DiscoverVulnerabilityand has not fixedVulnerability-related.PatchVulnerabilitythese vulnerabilities ( hence , “ zero day ” ) . You can see that nobody with any understanding of security looked at this code or wrote it . It ’ s like taking an undergraduate and letting him program your software ” . All of the vulnerabilities allow remote code execution on a Samsung device . One of these vulnerabilities even exploits a flaw in the design of Samsung ’ s TizenStore app to hijack the software and deliver malicious code to a Samsung TV . Worse , the TizenStore app operates with the highest privileges on a Tizen device , so such a vulnerability is an even bigger cause of worry as Mr. Neiderman saysVulnerability-related.DiscoverVulnerabilitythat you can update a Tizen system with any malicious code the hacker wants . The TizenStore does use authentication for making sure only authorized Samsung software gets installed , but a heap-overflow vulnerability allows for gaining control before the authentication kicks in . The researcher mentions that a lot of the Tizen code base is old and borrows from previous projects like Bada . But most of the vulnerabilities he foundVulnerability-related.DiscoverVulnerabilitywere in new code specifically written for Tizen within the last two years . The vulnerabilities are described as “ mistakes programmers were making twenty years ago ” to indicateVulnerability-related.DiscoverVulnerabilitythat Samsung lacked basic code development and review practices for Tizen . When contacted , Samsung sent the researcher an automated email in response . Samsung ’ s current smartphone lineup is heavily dependent on Android , so these news shouldn ’ t necessarily impact your opinion of their Android smartphones in particular . But Samsung ’ s other avenues that involve Tizen are likely to invite hackers to explore and findVulnerability-related.DiscoverVulnerabilitymore of such zero-day vulnerabilities . There needs to be a higher priority on Tizen ’ s security if Samsung ever wants Tizen to bean OS for the internet of things .
Microsoft saysVulnerability-related.DiscoverVulnerabilityit had already fixedVulnerability-related.PatchVulnerabilitysoftware flaws linked to an alleged breach of the global banking system before they were exposed last week . On Friday , a group called the Shadow Brokers published details of several hacking tools , indicating they had been used by the US National Security Agency ( NSA ) to spy on money transfers . Reports suggested Microsoft 's Windows operating system remained vulnerable . But the firm revealed it had in fact addressedVulnerability-related.PatchVulnerabilitythe problem in March . `` Customers have expressed concerns around the risk [ Shadow Brokers ' ] disclosure potentially creates , '' it said in a security update . `` Our engineers have investigated the disclosed exploits , and most of the exploits are already patchedVulnerability-related.PatchVulnerability. '' The company has not , however , revealed how it became aware of the flaws . Microsoft normally acknowledges third parties who tip it off to problems , but has not done so in this case . The Reuters news agency reported that the company had told it that neither the NSA nor any other part of the US government had informed it of the hacking tools ' existence . That calls into question how Microsoft learned of the issue - tech blog Ars Technica commented it was `` highly unlikely '' that the patch and leak would both have occurred so close together by coincidence . Whisteblower Edward Snowden had previously leakedAttack.Databreachdocuments in 2013 that alleged the NSA had carried surveillance of the Brussels-based Society for Worldwide Interbank Financial Telecommunication ( Swift ) for several years , but did not specify how . Swift allows the world 's banks to send payment orders and other messages about large financial transactions in a `` secure and reliable '' manner . It is used by about 11,000 financial institutions . The allegation is that third parties - known as Swift Service Bureaus - that provide access to Swift 's network were targeted by the NSA , rather than Swift itself . `` If Shadow Brokers ' claims are indeed verified , it seems that the NSA sought to totally capture the backbone of [ the ] international financial system to have a God 's eye [ view ] into a Swift Service Bureau - and potentially the entire Swift network , '' blogged security researcher Matt Suiche after the latest leak . `` If the US had a specific target in the region 's financial system , NSA penetration offers [ an alternative to ] merely relying upon good faith compliance procedures , standard diplomatic requests , or collaborating with Swift . ''
ClaimsVulnerability-related.DiscoverVulnerabilityof a backdoor in WhatsApp that could be used for third-party snooping were shot down by WhatsApp , which called the allegations false . On Friday , news outlet The Guardian reportedVulnerability-related.DiscoverVulnerabilitythat a cryptography researcher had discoveredVulnerability-related.DiscoverVulnerabilitya backdoor in WhatsApp ’ s messaging service that could “ allow Facebook and others to intercept and read encrypted messages ” . In a short statement , WhatsApp said the claim was false : “ WhatsApp does not give governments a ‘ backdoor ’ into its systems and would fight any government request to create a backdoor . The design decision referenced in The Guardian story prevents millions of messages from being lost , and WhatsApp offers people security notifications to alert them to potential security risks . WhatsApp published a technical white paper on its encryption design , and has been transparent about the government requests it receives , publishing data about those requests in the Facebook Government Requests Report ” . The Guardian reportVulnerability-related.DiscoverVulnerabilitycited researchVulnerability-related.DiscoverVulnerabilityby Tobias Boelter , a cryptography and security researcher at the University of California , Berkeley . Last April , Boelter disclosedVulnerability-related.DiscoverVulnerabilityhis findings to WhatsApp and published a reportVulnerability-related.DiscoverVulnerabilityon what he posited could be either a backdoor or a flaw in WhatsApp ’ s messaging platform . Boelter later toldVulnerability-related.DiscoverVulnerabilityThe Guardian the “ backdoor ” gave WhatsApp the ability to read messages because of the way the company had implemented its end-to-end encryption protocol . Reporters quoted Kirstie Ball , co-director and founder of the Centre for Research into Information , Surveillance and Privacy who verified Boelter ’ s research and stated the “ backdoor ” made WhatsApp an “ an extremely insecure platform ” . The Guardian explains Boelter ’ s alleged backdoor like this : WhatsApp ’ s end-to-end encryption relies on the generation of unique security keys , using the acclaimed Signal protocol , developed by Open Whisper Systems , that are traded and verified between users to guarantee communications are secure and can not be intercepted by a middleman . However , WhatsApp has the ability to force the generation of new encryption keys for offline users , unbeknown to the sender and recipient of the messages , and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered . The recipient is not made aware of this change in encryption , while the sender is only notified if they have opted-in to encryption warnings in settings , and only after the messages have been re-sent . This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users ’ messages . WhatsApp , acquired by Facebook in 2014 , supports end-to-end encryption and is considered a secure messaging platform based on the highly regarded Signal protocol , developed by Open Whisper Systems . The app boasts one billion users and has been endorsed by the likes of Edward Snowden for keeping private messages private . ClaimsVulnerability-related.DiscoverVulnerabilityof a WhatsApp backdoor have been staunchly dismissedVulnerability-related.DiscoverVulnerabilityby a number security researchers and cryptography experts . Moxie Marlinspike , the founder of Open Whisper Systems also agrees with WhatsApp telling Threatpost , “ The Guardian reporting is inaccurate , there is no ‘ backdoor ’ in WhatsApp encryption . Unfortunately it appears that they did not speak with any cryptography experts in order to verify their claims ” . Marlinspike also posted a more technical explanation behind what Boelter found . In a nutshell , he explains what Boelter saysVulnerability-related.DiscoverVulnerabilityis a backdoor is actually something all public key cryptography system have to deal with . “ WhatsApp gives users the option to be notified when those changes occur , ” he wrote . Frederic Jacobs , a key developer of the private messaging app Signal , called the claims of a backdoor “ ridiculous ” . In a tweet he said “ It ’ s ridiculous that this is presented as a backdoor . If you don ’ t verify keys , authenticity of keys is not guaranteed . It 's ridiculous that this is presented as a backdoor . If you do n't verify keys , authenticity of keys is not guaranteed . — Frederic Jacobs ( @ FredericJacobs ) January 13 , 2017 Jacobs and other security researchers explainVulnerability-related.DiscoverVulnerabilitythe “ backdoor ” is a feature designed to allow WhatsApp users who obtain a new phone to reinstall the WhatsApp app and continue a preexisting conversation thread . There is a renegotiation of encryption keys allows for the continuity of WhatsApp conversations . The WhatsApp sender is only notified of the change in encryption if they have opted-in to an encryption warning setting within settings . Marlinspike and other security experts say snooping on WhatsApp ’ s re-encrypting of messages by Facebook or any other agency would be extremely difficult and improbable . In post to his personal site Friday he doubled-down on his assertion that what he foundVulnerability-related.DiscoverVulnerabilitywas a flaw . “ WhatsApp has stated recently that this is not a bug , it is a feature . Because now senders don ’ t have to press an extra ‘ OK ’ button in the rare case they sent a message , the receiver is offline and has a new phone when coming back online , ” he said . I agree that it ’ s a flaw , but calling it a backdoor is hyperbole . Remember , Moxie removed SMS encryption from his previous app TextSecure because of the same reasons that the current flaw exists : it is difficult to have secure conversations with people wtih changing phones , changing apps , etc .
Cisco 's Talos says they 've observedVulnerability-related.DiscoverVulnerabilityactive attacks against a Zero-Day vulnerability in Apache 's Struts , a popular Java application framework . Cisco started investigatingVulnerability-related.DiscoverVulnerabilitythe vulnerability shortly after it was disclosedVulnerability-related.DiscoverVulnerability, and foundVulnerability-related.DiscoverVulnerabilitya number of active attacks . In an advisory issued on Monday , Apache saysVulnerability-related.DiscoverVulnerabilitythe problem with Struts exists within the Jakarta Multipart parser . `` It is possible to perform a RCE attack with a malicious Content-Type value . If the Content-Type value is n't valid an exception is thrown which is then used to display an error message to a user , '' the warning explained . `` If you are using Jakarta based file upload Multipart parser , upgradeVulnerability-related.PatchVulnerabilityto Apache Struts version 2.3.32 or 2.5.10.1 . You can also switch to a different implementation of the Multipart parser . '' The alternative is the Pell parser plugin , which uses Jason Pell 's multipart parser instead of the Common-FileUpload library , Apache explains . In addition , administrators concerned about the issue could just apply the proper updates , which are currently availableVulnerability-related.PatchVulnerability. In a blog post , Cisco said they discovered a number of attacks that seem to be leveraging a publicly released proof-of-concept to run various commands . Such commands include simple ones ( 'whoami ' ) as well as more sophisticated ones , including pulling down malicious ELF executable and running it . An example of one attack , which attempts to copy the file to a harmless directory , ensure the executable runs , and that the firewall is disabled is boot-up , is below : Both Cisco and Apache urge administrators to take action , either by patchingVulnerability-related.PatchVulnerabilityor ensuring their systems are not vulnerable . This is n't the first time the Struts platform has come under attack . In 2013 , Chinese hackers were using an automated tool to exploit known vulnerabilities in order to install a backdoor .