Saturday, March 11, 2017

Cyber Updates - 11/03

Hey all,
Here are this week's cyber updates:

(1) A remote code execution vulnerability (CVE-2017-5638) has been discovered in Apache Struts. In particular, the Jakarta Multipart parser doesn’t properly parse the content-type header when processing a file upload request, thus allowing malicious operating system commands to be executed by simply specifying '#cmd=(command)' in the header.

This attack has been exploited in the wild.
Organizations that use Apache Struts are requested to immediately update their web servers.

Here is a valid exploit code:
https://github.com/rapid7/metasploit-framework/issues/8064 

And here are all the details:
https://cwiki.apache.org/confluence/display/WW/S2-045

(2) Verifone’s corporate network has been breached. According to the company, the attack was limited in scope, but did not affect its payment services network. However, on January 23rd the company sent an urgent mail to all staff and contractors asking them to change their passwords.
It is suggested that Russian hackers have hacked Verifone since mid-2016, and have been able to compromise pay-at-the-pump credit card readers.

Here are all the details:
https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/


Stay tuned for more updates,

Dan Gurfinkel
Head of Offensive Security & Response Unit