Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

11 months ago

Html
Text

CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks.

Follow Dark Reading:

December 18, 2023

LATEST SECURITY NEWS & COMMENTARY

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks. Meta's AI-Powered Ray-Bans Portend Privacy Issues AI will make Meta's smart glasses more attractive for consumers. But can the company straddle cutting-edge functionality and responsible data stewardship? Complex 'NKAbuse' Malware Uses Blockchain to Hide on Linux, IoT Machines The multifaceted malware leverages the NKN blockchain-based peer-to-peer networking protocol, operating as both a sophisticated backdoor and a flooder launching DDoS attacks. In Appreciation: ESET Founder Rudolf Hruby Passes Away Cybersecurity pioneer and soccer fan Rudolf Hruby was a prominent business figure in post-independence Slovakia. Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets Gaza Cybergang has created a new backdoor version stuffed with tools to spy on and attack targets. Soft Skills Every CISO Needs to Inspire Better Boardroom Relationships Now more than ever, CISOs have an opportunity to impact business strategy and change the culture of their organization. Omdia: Standalone Security Products Still Reign over All-In-One Cybersecurity Platforms Cybersecurity platform vendors say enterprises want to buy fewer solutions from fewer vendors. Omdia research, however, tells a different, more nuanced story. (Sponsored Article) Ragnar Locker Takedown Alone Won't Stop Ransomware Growth, but Here's What Will Companies must ask how at risk they are and how limited their operations would be after a cyberattack, then address gaps to make paying ransomware less necessary. MORE NEWS / MORE COMMENTARY


HOT TOPICS
New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks The fresh-faced cybercrime group has been using nothing but publicly available penetration testing tools in its campaign so far. Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams New vulnerability impact scoring system aims to help cyber defenders find threats and patch against bugs most likely to disrupt their environments. The Unlikely Romance of Hackers and Government Suitors Very little modern federal infrastructure is managed by the government — putting a substantial portion of potentially targetable attack surfaces under oversight of federal contractors. Safeguarding Our Children's Digital Future: A Call to Action Frequent cyberattacks on America's schools are putting our children at risk. Urgent action is needed to protect students and families. MORE

PRODUCTS & RELEASES

Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round Swinfen Charitable Trust, UVA Health, Telemedicine AI, and MITRE Collaborate on Secure Global Health Telemedicine Stamus Networks Supports NATO Red Teaming Cyber Exercise for the Fifth Consecutive Year Survey: 90% of IT Pros Felt Prepared for a Password-Based Cyberattack, Yet More Than Half Fell Victim to One MORE PRODUCTS & RELEASES

EDITORS' CHOICE

Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities Chinese threat actors are taking advantage of the poor state of edge security to breach both small and big fish. LATEST FROM THE EDGE
Tips for Modernizing SecOps Teams Dark Reading's special report looks at ways security operations teams can improve their efficiency and effectiveness to address the latest threats. LATEST FROM DR TECHNOLOGY
Smartphones That Help You Bust Out of the Android/iOS Ecosystem If you are in the market for a smartphone but want to break away from the Apple-Google duopoly, look no further: these alternative smartphones are based on various Linux variants and custom hardware. LATEST FROM DR GLOBAL
UAE to Chair World Bank's Cloud Computing Working Group The World Bank recognized UAE for its work with the private sector in implementing and securing cloud systems.

WEBINARS

2024 API Security Trends & Predictions What's In Your Cloud?

View More Dark Reading Webinars >>

WHITE PAPERS

2023 IT Service Management Vendor Rankings & Quadrant Perspectives on Security for the Board - 3rd Edition The New Frontier of Cyber Security: Securing the Network Edge Cloud Crisis Management: Tech Insights Report The Forrester Wave™: Vulnerability Risk Management, Q3 2023 Cloud Security Maturity Model: Vision, Path, Execution How to Develop an AI Governance Program

View More White Papers >>

FEATURED REPORTS

What Ransomware Groups Look for in Enterprise Victims

Ransomware attackers cast a wide net -- they just care about causing damage, making money, and gaining new victims. That means no organization is automatically immune to attack just because of its size or industry. Organizations need to take steps ...

How to Use Threat Intelligence to Mitigate Third-Party Risk

The report discusses the various steps of a continuous third-party intelligence lifecycle: Data collection, Data classification, Data storage, Data analysis, reporting, dissemination, continuous monitoring, data governance, and choosing the right technology stack. The report also includes information about how attackers ...

Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks

The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ...

View More Dark Reading Reports >>

Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA

To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.

Thoughts about this newsletter? Give us feedback.

Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.

We take your privacy very seriously. Please review our Privacy Statement.

Share on

Other newsletters from Informationweek.com

Achieving Optimal Security Outcomes Through Platformization Informationweek.com
16 hours ago
FEATURES EDITION | Microsoft Highlights Security Exposure Management at Ignite Informationweek.com
18 hours ago
Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant Informationweek.com
Yesterday at 14:04

More newsletters from Informationweek.com

Related newsletters

View other categories

Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines