RATE Group | Hackers latch onto new Apache Struts megavuln to mine cryptocurrency • The Register
40642
post-template-default,single,single-post,postid-40642,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,side_area_uncovered_from_content,footer_responsive_adv,qode-content-sidebar-responsive,qode-child-theme-ver-1.0.0,qode-theme-ver-13.3,qode-theme-bridge,wpb-js-composer js-comp-ver-7.9,vc_responsive
 

Hackers latch onto new Apache Struts megavuln to mine cryptocurrency • The Register

30 Aug Hackers latch onto new Apache Struts megavuln to mine cryptocurrency • The Register

Posted at 19:25h in Cryptocurrency News by

[ad_1]

A recently uncovered critical vulnerability in Apache Struts is already being exploited in the wild.

Threat intel firm Volexity has warned that hackers are abusing the CVE-2018-11776 vuln to attack systems running Apache Struts 2, a popular open-source framework for developing applications in Java. Specifically, some nasty characters have abused the flaw while trying to install the CNRig cryptocurrency miner, researchers said.

The vulnerability appears to be easier to exploit than the Struts flaw that was used in the infamous Equifax breach, so cryptocurrency scams may be the least of our worries.

hole

Apache’s latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching

READ MORE

CVE-2018-11776 affects versions 2.3 up to 2.3.34 as well as Struts 2.5 up to 2.5.16. It also poses a potential risk to unsupported versions of the framework. Uncovered by software…

[ad_2]

Source link

Tags:
, , , , , ,