APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 at STRUTS 2

The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution.

An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server.

• International
• Vulnerabilities

MITRE discloses 2024 CWE Top 25 critical software flaw

By infosecbulletin / Sunday , November 24 2024

MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The...

Read More

• Cyber Attack

Python NodeStealer: harvest credit card and Facebook Ads Manager

By infosecbulletin / Sunday , November 24 2024

Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range....

Read More

• Alert
• Data Breach
• International
• Vulnerabilities

Cisco Talos
Over 60% of Emails with QR Codes are spam

By infosecbulletin / Saturday , November 23 2024

Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people...

Read More

• Alert
• International
• Vulnerabilities

CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

By infosecbulletin / Saturday , November 23 2024

CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate...

Read More

• Daily Security Update

Daily Security Digest Dated 11/23/24

By infosecbulletin / Saturday , November 23 2024

Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so...

Read More

• Alert
• Hot Topic
• jobs
• jobs
• Vulnerabilities

SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)

By infosecbulletin / Friday , November 22 2024

SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from a user while analyzing a...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

Over 145,000 ICS Across 175 Countries Found Exposed Online

By infosecbulletin / Friday , November 22 2024

A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting...

Read More

• Uncategorized

World to see AI powered “human washing machines”

By infosecbulletin / Friday , November 22 2024

Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

Hacker compromised over 2000 Palo Alto Networks Firewalls

By infosecbulletin / Friday , November 22 2024

Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and...

Read More

• Cyber Attack
• International
• Social media
• Vulnerabilities

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records

By infosecbulletin / Thursday , November 21 2024

Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database having over 1.1 million records linked to Conduitor Limited (Forces Penpals)....

Read More

“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.” reads the advisory published by Apache Software Foundation. Upgrade to Struts 2.5.33 or higher, as advised by the foundation.

Steven Seeley from Source Incite reported the vulnerability. Apache has not confirmed any active exploitation in attacks.

ALSO READ:

Mid-sized Canadian firms pay an average $1.13 million to ransomware gangs