The bug was found Vulnerability-related.DiscoverVulnerability in the core infrastructure of Apache Struts 2 . The Apache Software Foundation has patched Vulnerability-related.PatchVulnerability a critical security vulnerability which affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Uncovered Vulnerability-related.DiscoverVulnerability by researchers from cybersecurity firm Semmle , the security flaw is caused by the insufficient validation of untrusted user data in the core Struts framework . When Apache Struts uses results with no namespace and in the same time , upper actions have no wild namespace . The same opportunity for exploit exists when the URL tag is in use and there is no value or action set . As the bug , CVE-2018-11776 , has been discovered Vulnerability-related.DiscoverVulnerability in the Struts core , the team says there are multiple attack vectors threat actors could use to exploit the vulnerability . If the alwaysSelectFullNamespace flag is set to true in the Struts configuration , which is automatically the case when the Struts Convention plugin is in use , or if a user 's Struts configuration file contains a tag that does not specify the optional namespace attribute or specifies a wildcard namespace . Man Yue Mo from the Semmle Security Research Team first reported Vulnerability-related.DiscoverVulnerability the flaw . `` This vulnerability affects Vulnerability-related.DiscoverVulnerability commonly-used endpoints of Struts , which are likely to be exposed , opening up an attack vector to malicious hackers , '' Mo says Vulnerability-related.DiscoverVulnerability . `` On top of that , the weakness is related to the Struts OGNL language , which hackers are very familiar with , and are known to have been exploited Vulnerability-related.DiscoverVulnerability in the past . '' The vulnerability affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Companies which use the popular open-source framework are urged to update their builds immediately . Users of Struts 2.3 are advised to upgrade Vulnerability-related.PatchVulnerability to 2.3.35 ; users of Struts 2.5 need to upgrade Vulnerability-related.PatchVulnerability to 2.5.17 . As the latest releases only contain Vulnerability-related.PatchVulnerability fixes for the vulnerability , Apache does not expect users to experience any backward compatibility issues . `` Previous disclosures Vulnerability-related.DiscoverVulnerability of similarly critical vulnerabilities have resulted in exploits being published Vulnerability-related.DiscoverVulnerability within a day , putting critical infrastructure and customer data at risk , '' Semmle says . `` All applications that use Struts are potentially vulnerable Vulnerability-related.DiscoverVulnerability , even when no additional plugins have been enabled . '' Mo first reported Vulnerability-related.DiscoverVulnerability the findings in April . By June , the Apache Struts team published the code which resolved Vulnerability-related.PatchVulnerability the problem , leading to the release Vulnerability-related.PatchVulnerability of official patches on August 22 .

When you ’ re as ginormous a target as the global telecommunications industry , and you ’ re sitting on a flaw as big as the one affecting Vulnerability-related.DiscoverVulnerability its SS7 protocol , best not rely on “ security through obscurity ” . You and your customers could get badly bitten – and so they have . The Signalling System No . 7 ( SS7 ) telephony signaling protocol used to establish interoperability across some 800+ service providers worldwide , is deeply vulnerable Vulnerability-related.DiscoverVulnerability to interception by hackers , criminals , and corrupt insiders . We ’ ve known this for years . Now , in Germany , someone ’ s used that vulnerability to raid consumers ’ online bank accounts . SS7 was designed back in the 1970s , when access to phone networks was viewed as rare and controllable : back then , for example , AT & T still had an essentially complete monopoly over all US phone service . But now , a world of internet , VoIP , and wireless providers can link into SS7 to do all manner of fascinating things , and mess-with-SS7 skills and tools aren ’ t nearly so scarce . The telecom industry , however , has been appallingly slow to react . Maybe they will now . As first reported by the German daily newspaper Süddeutsche Zeitung , this two-part attack zeroed in on SS7 call-forwarding features that allow networks to validate your SIM card when you travel internationally . First , according to Bank Info Security , hackers sent Attack.Phishing conventional fake phishing emails to victims , suckering them into visiting fake bank websites , where they were told to enter account numbers , passwords and the mobile phone numbers they had previously given their banks . Meanwhile , per The Register , the attackers “ purchased access to a rogue telecommunications provider and set up a redirect for the victim ’ s mobile phone number to a handset controlled by the attackers ” . Now , they could wait until late at night , log into the victims ’ online accounts , and start money transfers . As part of their SMS-based two-factor authentication ( 2FA ) systems , the banks would dutifully send one-time mobile transaction authentication number ( mTAN ) numbers to their customers . These would be hijacked by the criminals , who now had the second authentication factor they needed to complete the thefts . The short-term solution is for telecommunications service providers to turn off SS7 ’ s call forwarding features except for trusted providers . O2-Telefonica told Süddeutsche Zeitung that it blocked the specific foreign carriers who were the source of these attacks in January – but that doesn ’ t prevent similar attacks arising from other sources against other carriers .

Vanilla Forums open source software suffers Vulnerability-related.DiscoverVulnerability from vulnerabilities that could let an attacker gain access to user accounts , carry out web-cache poisoning attacks , and in some instances , execute arbitrary code . Popular open source forum software suffers Vulnerability-related.DiscoverVulnerability from vulnerabilities that could let an attacker gain access to user accounts , carry out web-cache poisoning attacks , and in some instances , execute arbitrary code . Legal Hackers ‘ Dawid Golunski found Vulnerability-related.DiscoverVulnerability the vulnerabilities , a host header injection and an unauthorized remote code execution vulnerability–in software which is developed by Vanilla Forums . Golunski reported Vulnerability-related.DiscoverVulnerability the issues to Vanilla Forums in January and while a support team acknowledged his reports Vulnerability-related.DiscoverVulnerability , he ’ s experienced five months of silence from the company since , something that prompted him to finally disclose Vulnerability-related.DiscoverVulnerability the vulnerabilities Thursday via his ExploitBox.io service . The researcher confirmed Vulnerability-related.DiscoverVulnerability the vulnerabilities exist in Vulnerability-related.DiscoverVulnerability the most recent , stable version ( 2.3 ) of Vanilla Forums . He presumes Vulnerability-related.DiscoverVulnerability older versions of the forum software are also vulnerable Vulnerability-related.DiscoverVulnerability . When reached Thursday , Lincoln Russell , a senior developer at Vanilla Forums stressed the vulnerabilities , which are in the middle of being fixed Vulnerability-related.PatchVulnerability , only affect Vulnerability-related.DiscoverVulnerability the company ’ s free and open source product . Golunski says Vulnerability-related.DiscoverVulnerability the most concerning vulnerability , the RCE ( CVE-2016-10033 ) stems from a PHPMailer vulnerability he disclosed Vulnerability-related.DiscoverVulnerability last December . An attacker could remotely exploit Vulnerability-related.DiscoverVulnerability the same vulnerability in Vanilla Forums by sending a web request in which a payload is passed within the HOST header . Until a fix is pushed Vulnerability-related.PatchVulnerability Golunski is encouraging users to preset the sender ’ s support email address to a static value to prevent the dynamic creation of an email address , or the use of the HOST header , as a temporary mitigation . Golunski says Vulnerability-related.DiscoverVulnerability the second issue , the host header injection vulnerability ( CVE-2016-10073 ) also affects Vulnerability-related.DiscoverVulnerability version 2.3 of the software . The issue stems from the fact that the forum software uses user-supplied HTTP HOST header when sending emails from the host on which the forum was installed . That means an attacker could use HTTP HOST header to set the email domain to an arbitrary host . It would require user interaction but if exploited Vulnerability-related.DiscoverVulnerability , it ’ s possible the bug could help an attacker intercept Attack.Databreach a password reset hash and gain access Attack.Databreach to a victim ’ s account . An attacker would have send Attack.Phishing the victim an email tricking Attack.Phishing them into clicking through a password reset link , he says . “ The resulting email will have the sender ’ s address set to noreply @ attackers_server . The password reset link will also contain the attacker ’ s server which could allow the attacker to intercept the hash if the victim user clicked on the malicious link , ” Golunski wrote Thursday . It ’ s possible the vulnerability could also lead to web-cache poisoning if the HOST header is used to form links in web responses Golunski says Vulnerability-related.DiscoverVulnerability . According to Russell , when Vanilla Forums responded to Golunski in January it told him the issue would take some time to fix Vulnerability-related.PatchVulnerability due to the “ complexity of unwinding the use of this server variable without breaking the myriad scenarios it can be used for in open source environments. ” Golunski hinted Vulnerability-related.DiscoverVulnerability at the vulnerabilities in Vanilla Forums back in December but didn ’ t name the software . When he disclosed Vulnerability-related.DiscoverVulnerability the initial PHPMailer bug the researcher mentioned that he had developed an unauthenticated RCE exploit for “ a popular open-source application ( deployed on the Internet on more than a million servers ) as a PoC for real-world exploitation. ” Both the Vanilla Forums vulnerabilities and a similar RCE vulnerability in WordPress 4.6 Golunski disclosed Vulnerability-related.DiscoverVulnerability last week both relate to PHPMailer and PHP mail ( ) function injection . “ The exploits and techniques prove that these type of vulnerabilities could be exploited Vulnerability-related.DiscoverVulnerability by unauthenticated attackers via server headers such as HOST header that may be used internally by a vulnerable application to dynamically create a sender address , ” Golunski told Threatpost Thursday , “ This adds to the originally presented attack surface of contact forms that take user input including From/Sender address . ”

A flaw in unpatched versions of Window 10 could leave machines vulnerable Vulnerability-related.DiscoverVulnerability to EternalBlue , the remote kernel exploit behind the recent WannaCry ransomware attack Attack.Ransom . WannaCry targeted a Server Message Block ( SMB ) critical vulnerability that Microsoft patched Vulnerability-related.PatchVulnerability with MS17-010 on March 14 , 2017 . While WannaCry damage Attack.Ransom was mostly limited to machines running Windows 7 , a different version of EternalBlue could infect Windows 10 . Researchers at RiskSense stripped the original leaked version of EternalBlue down to its essential components and deemed parts of the data unnecessary for exploitation . They found they could bypass detection rules recommended by governments and antivirus vendors , says RiskSense senior security researcher Sean Dillon . This version of EternalBlue , an exploit initially released by Shadow Brokers earlier this year , does not use the DoublePulsar payload common among other exploits leaked by the hacker group . DoublePulsar was the main implant used in WannaCry Attack.Ransom and a key focus for defenders . `` That backdoor is unnecessary , '' says Dillon , noting how it 's dangerous for businesses to only focus on DoublePulsar malware . `` This exploit could directly load malware onto the system without needing to install the backdoor . '' EternalBlue gives instant un-credentialed remote access to Windows machines without the MS17-010 patch update . While it 's difficult to port EternalBlue to additional versions of Windows , it 's not impossible . Unpatched Windows 10 machines are at risk , despite the fact that Microsoft 's newest OS receives exploit mitigations that earlier versions do n't . The slimmed-down EternalBlue can be ported to unpatched versions of Windows 10 and deliver stealthier payloads . An advanced malware would be able to target any Windows machine , broadening the spread of an attack like WannaCry , Dillon explains . It 's worth noting WannaCry was a blatant , obvious attack , he says , and other types of malware , like banking spyware and bitcoin miners , could more easily fly under the radar . `` These can infect a network and you wo n't know about it until years later , '' he says . `` It 's a threat to organizations that have been targets , like governments and corporations . Attackers may try to get onto these networks and lay dormant … then steal Attack.Databreach intellectual property or cause other damage . '' Dillon emphasizes the importance of updating Vulnerability-related.PatchVulnerability to the latest version of Windows 10 , but says patching Vulnerability-related.PatchVulnerability alone wo n't give complete protection from this kind of threat . Businesses with SMB facing the Internet should also put up firewalls , and set up VPN access for users who need external access to the internal network . Businesses should have a good inventory of software and devices on their networks , along with processes for identifying and deploying Vulnerability-related.PatchVulnerability patches as they are released Vulnerability-related.PatchVulnerability , says Craig Young , computer security researcher for Tripwire 's Vulnerability and Exposures Research Team ( VERT ) . This will become even more critical as attackers move quickly from patch to exploit . There will always be a window of opportunity for attackers before the right patches are installed Vulnerability-related.PatchVulnerability , Young notes . EternalBlue is a `` very fresh vulnerability '' given that most breaches that use exploits leverage flaws that have been publicly known Vulnerability-related.DiscoverVulnerability for an average of two years or more . `` EternalBlue is a particularly reliable exploit that gives access to execute code at the very highest privilege level , so I would expect that hackers and penetration testers will get a lot of use out of it for years to come , '' he says .

Half a million smart devices including webcams and baby monitors in the city are currently vulnerable Vulnerability-related.DiscoverVulnerability to cyber attack . BARCELONA , Spain -- ( BUSINESS WIRE ) -- Avast , the leader in digital security products for consumers and businesses , today reveals the findings Vulnerability-related.DiscoverVulnerability from its latest research experiment into smart devices , including public and private webcam vulnerabilities in Spain , and , specifically , in Barcelona . Avast identified Vulnerability-related.DiscoverVulnerability more than 22,000 webcams and baby monitors in the city that are vulnerable Vulnerability-related.DiscoverVulnerability to attack , which means that cybercriminals could livestream the videos directly to the internet . The findings identified Vulnerability-related.DiscoverVulnerability more than 493,000 smart devices in Barcelona and 5.3 million in Spain overall – including smart kettles , coffee machines , garage doors , fridges , thermostats and other IP-connected devices – that are connected to the internet and vulnerable Vulnerability-related.DiscoverVulnerability to attacks . As webcams and other devices are vulnerable Vulnerability-related.DiscoverVulnerability , there are a range of security , legal and privacy concerns to be addressed Vulnerability-related.PatchVulnerability . Snoopers could easily access and watch Attack.Databreach Mobile World Congress visitors and Barcelona residents in private and public spaces , and stream Attack.Databreach the video directly to the internet , or turn the device into a bot . When a device is infected , it can also be used to infect other devices , to add them to a botnet , or to take control over them and do harm to their owner . This includes kitchen and other household devices , to which cybercriminals can give remote orders , for example , to heat up water in a kettle . Smart device manufacturers also collect and store private user data , including behavioral data , contact information , and credit card details , which poses an additional risk if intercepted Attack.Databreach by cybercriminals . And while the problem is in no way confined to Barcelona , Spain , or indeed to webcams , it is particularly challenging for the city as it is hosting thousands of mobile and technology industry executives at Mobile World Congress 2017 this week . In the experiment , Avast found : Conducted in partnership with IoT search engine specialists Shodan.io , the experiment proves just how easy it is for anyone - including cybercriminals - to scan IP addresses and ports over the Internet and classify what device is on each IP address . And , with a little extra effort and know-how , hackers can also find out the type of device ( webcam , printer , smart kettle , fridge and so on ) , brand , model and the version of software it is running . “ With databases of commonly known device vulnerabilities publicly available , it doesn ’ t take a vast amount of effort and knowledge for cybercriminals to connect the dots and find out Vulnerability-related.DiscoverVulnerability which devices are vulnerable Vulnerability-related.DiscoverVulnerability , ” comments Vince Steckler , CEO at Avast . “ And even if the devices are password protected , hackers often gain access by trying out the most common user names and passwords until they crack it ” . Avast ’ s latest research experiment highlights a serious and growing problem which , unless addressed , will only worsen in line with the increasing number of devices connected to the Internet . Vince Steckler , Avast , continues : “ If webcams are set to livestream for example , hackers or anyone can connect , making it easy for cybercriminals to spy on innocent Mobile World Congress trade show visitors , or oblivious school pupils , workers or citizens nearby . In the future , we could also see cases where cybercriminals harvest Attack.Databreach personal data , including credit card information from unsuspected IoT users ” . To be aware of vulnerabilities and secure all connected devices against unwanted attacks , users need to contribute to making the online world a safer place by keeping software updated and choosing strong , complex passwords .