In an advisory yesterday, the Apache Software Foundation reiterates its recommendation for users of Struts to make sure their installations run a version of the Commons FileUpload library newer than 1.3.2, lest they expose their projects to possible remote code execution attacks.
Mirai and Gafgyt, two of the best known IoT botnets, have forked once again, but the new variants peek at the corporate sector for creating or replenishing their denial-of-service resources for distributed attacks.
After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week.
Security researchers have detected a new wave of cryptocurrency-mining malware infecting servers across the web, and this one is using multiple exploits to gain access to vulnerable and unpatched systems to install a Monero miner.
An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.
In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK.
Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a series of vulnerabilities, one of which is under active exploitation.
An estimated 65% of Fortune 100 companies could be vulnerable to a security bug discovered in Apache Struts, a popular Java MVC framework used in the development of many top-grade enterprise applications.
For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows.