433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Exploit attempts inspired by recent Struts2 File Upload Vulnerability (CVE-2024-53677, CVE-2023-50164), (Sun, Dec 15th)

Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code execution if a webshell is uploaded and exposed in the web root. I call the exploit attempts below “inspired” by this vulnerability. There are at least two vulnerabilities that could be targeted. I do not have a vulnerable system to test if the exploit will work.
http://news.poseidon-us.com/TGpG8B

Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Microsoft fixes exploited zero-day (CVE-2024-49138): On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges.

Top cybersecurity books for your holiday gift list: The holiday season is approaching, and with it, the tradition of gift-giving. For professionals …

The post Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list appeared first on Help Net Security.
http://news.poseidon-us.com/TGpD61

Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS), (Wed, Dec 11th)

Apple today released patches for all of its operating systems. The updates address 46 different vulnerabilities. Many of the vulnerabilities affect more than one operating system. None of the vulnerabilities are labeled as being already exploited.
http://news.poseidon-us.com/TGkY0r

Military recruitment social media tactics aren’t working very well

“They are thinking a lot of their advertising dollars into social media and digital media to try to reach that Generation Z,” said Alissa Czyz. The post Military recruitment social media tactics aren’t working very well first appeared on Federal News Network.
http://news.poseidon-us.com/TGkXsh

What’s it like to be career and the number two medical officer at VA

“The Veterans Health Administration truly provides great care for veterans. That’s why we encourage veterans to come,” said Steven Lieberman. The post What’s it like to be career and the number two medical officer at VA first appeared on Federal News Network.
http://news.poseidon-us.com/TGkXJn