Tag Archive for: Vulnerability

Cisco issues critical warning around Apache Struts2 vulnerability

/in

Cisco’s security team today called the weakness in Apache Struts “critical” and is evaluating many its products to assess the impact.

The company said it will publish a list of vulnerable products here as it learns of them.

Earlier this week Apache revealed a vulnerability in the Jakarta multipart parser used in Apache Struts2 that could let an attacker execute commands remotely on the targeted system using what’s known as acrafted Content-Type header value.

-More on Network World: Cisco’s Jasper deal – one year, 18 million new IoT devices later, challenges remain+

To read this article in full or to leave a comment, please click here

Network World Security

Cyber attack on Barts NHS trust exploited zero-day vulnerability – ComputerWeekly.com

/in

Cyber attack on Barts NHS trust exploited zeroday vulnerability
ComputerWeekly.com
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers. You also agree that your personal information may be transferred and processed in the United

zero day – read more

Risk Reduction: Zeroing In on the Zero-Day Vulnerability – Security Intelligence (blog)

/in

Security Intelligence (blog)

Risk Reduction: Zeroing In on the ZeroDay Vulnerability
Security Intelligence (blog)
All it takes is one zeroday vulnerability to ruin the release of software that is otherwise secure or put devices at risk after a critical update. Despite a growing focus on defeating zero-days, they remain popular among cybercriminals. As noted by SC

zero day – read more

Severe vulnerability in Cisco’s WebEx extension for Chrome leaves PCs open to easy attack

/in

Anyone who uses the popular Cisco WebEx extension for Chrome should update to the latest version pronto. Google security researcher Tavis Ormandy recently discovered a serious vulnerability in the Chrome extension that leaves PCs wide open to attack.

In older versions of the extension (before version 1.0.3) malicious actors could add a “magic string” to a web address or file hosted on a website. The magic string was designed to remotely activate the WebEx browser extension. Once the extension was activated the bad guys could execute malicious code on the target machine. 

To read this article in full or to leave a comment, please click here

Network World Security