PoC Exploit Targeting Apache Struts Surfaces on GitHub
Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2.
Vulnerabilities
Mac Users Targeted by Spyware Spreading via Xcode Projects
The XCSSET suite of malware also hijacks browsers, has a ransomware module and more — and uses a pair of zero-day exploits.
Threat Roundup for August 7 to August 14
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 7 and August 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
The post Threat Roundup for August 7 to August 14 appeared first on Cisco Blogs.
Amazon Alexa Vulnerabilities Exposed User Data
Check Point security researchers have identified a series of vulnerabilities that open the gate for a variety of attacks targeting Alexa, Amazon’s virtual assistant.
read more
XCSSET Mac Malware Steals Information, Spreads via Xcode Projects
A newly discovered piece of malware designed to target macOS systems spreads through Xcode projects and exploits what researchers have described as two zero-day vulnerabilities.
read more
Microsoft August Patch Tuesday Addressed 120 Bugs With Two Zero-Days
Microsoft scheduled updates for this month are out. With Patch Tuesday August, Microsoft fixed over a hundred security vulnerabilities including
Microsoft August Patch Tuesday Addressed 120 Bugs With Two Zero-Days on Latest Hacking News.
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover.
Potentially Serious Vulnerability Found in Popular WYSIWYG Editor TinyMCE
A potentially serious cross-site scripting (XSS) vulnerability affecting the TinyMCE rich text editor can be exploited — depending on the implementation — for privilege escalation, obtaining information, or account takeover.
read more
FireEye Launches Public Bug Bounty Program on Bugcrowd
FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate.
read more
Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.