POPULARITY
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Struts2 devmode Still a Problem Ten Years Later https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/ Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028 https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ April 2024 Exchange Server Hotfix Update https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536 CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/ GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Struts2 devmode Still a Problem Ten Years Later https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/ Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028 https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ April 2024 Exchange Server Hotfix Update https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536 CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/ GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
株式会社エーアイセキュリティラボは12月23日、脆弱性診断の自動化ツール「AeyeScan」のアップデートについて発表した。
Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover: - CVE-2018-11776 - How the 3 Ways of DevOps can guide us toward better security practices - Shared Version Control - Test Environments - Shared Ticketing - ChatOps - Buying Time Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly
Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover: - CVE-2018-11776 - How the 3 Ways of DevOps can guide us toward better security practices - Shared Version Control - Test Environments - Shared Ticketing - ChatOps - Buying Time Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly
Enregistré le 2017/09/13
In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability is found within one of their projects. About Mark Thomas Mark is currently employed by Pivotal where he spends most of his time working on Apache Tomcat. At the Apache Software Foundation, Mark is a committer and PMC member for Apache Tomcat as well as other projects. At the foundation level he is an ASF member, a member of the security and trademarks committees, is an infrastructure volunteer and a Director. Mark speaks regularly on Apache Tomcat including at ApacheCon.
A conversation on the ramifications of recent Struts2 announcements, the exploit at Equifax and the responsibility of companies using open source software. David Blevins, CEO, TomiTribe Brian Fox, CTO, Sonatype
The nightmare that is patching IoT devices, essential bug bounty programs, controlling voice assistants, flaws in Apache Struts2, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode529
The nightmare that is patching IoT devices, essential bug bounty programs, controlling voice assistants, flaws in Apache Struts2, and more security news! Full Show Notes: https://wiki.securityweekly.com/Episode529
What you should know about the latest struts2 vulnerability announcement w/ Brian Fox, CTO Sonatype, and Matthew Konda , Chair, OWASP Board of Directors. If you're a developer and concerned about security, a struts2 vulnerability announcement came out yesterday. I interviewed two experts to talk about the announcement and what you should be looking for. If you would like to watch a video of the interview, you can find it on YouTube: https://www.youtube.com/watch?v=jtUfPom06bo
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Creating SHA3 Hashes with sigs.py https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/ Canada Revenue Agency Website Attacked / Down over Struts2 http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591 Webkit Exploit Adobted to Nintendo Switch https://www.youtube.com/watch?v=xkdPjbaLngE Analysis of Outdated Javascript Libraries on the Web http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf Github Enterprise SAML Authentication Bypass http://www.economyofmechanism.com/github-saml
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Creating SHA3 Hashes with sigs.py https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/ Canada Revenue Agency Website Attacked / Down over Struts2 http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591 Webkit Exploit Adobted to Nintendo Switch https://www.youtube.com/watch?v=xkdPjbaLngE Analysis of Outdated Javascript Libraries on the Web http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf Github Enterprise SAML Authentication Bypass http://www.economyofmechanism.com/github-saml
Nuestro primer ejemplo con el framework Struts 2
Nuestro primer ejemplo con el framework Struts 2