Sep 14

Scammers Love Natural Disasters

Posted on September 14, 2018 at 10:02 AM by Kevin Taylor

Scammers generally take advantage of public interest during natural disasters and other high-profile events in order to conduct criminal activity. We expect that this trend will continue with attempts to conduct financial fraud and spread malware during and after disaster relief activities for Hurricane Florence.

In conjunction with MS-ISAC, we are providing this bulletin with steps you can take to avoid falling victim to these scams. Please share this link with your friends and family.

https://www.edennc.us/DocumentCenter/View/10842/2018-September---Major-Storm-Intel-Advisory




Aug 22

Vulnerability in Apache Struts Could Allow for Remote Code Execution

Posted on August 22, 2018 at 1:11 PM by Kevin Taylor

DATE(S) ISSUED:

08/22/2018

 

SUBJECT:

A Vulnerability in Apache Struts Could Allow for Remote Code Execution

 

OVERVIEW:

A vulnerability has been discovered in Apache Struts, which could allow for remote code execution. Apache Struts is an open-source, MVC framework for creating Java web applications. Successfully exploiting this vulnerability could allow for remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

 

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

 

SYSTEMS AFFECTED:

  • Apache Struts versions prior to 2.3.35
  • Apache Struts versions prior to 2.5.17

 

RISK:

Government:

  • Large and medium government entities: High
  • Small government: High

Businesses:

  • Large and medium business entities: High
  • Small business entities: High

Home users: Low

 

TECHNICAL SUMMARY:

A vulnerability has been discovered in Apache Struts, which could allow for remote code execution. Apache Struts is prone to a remote code-execution vulnerability (CVE-2018-11776). Specifically, this issue occurs when handling specially crafted results with no namespace, or a URL tag with no value and action set.

 

Successfully exploiting this vulnerability could allow for remote code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

 

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Upgrade to the latest version of Apache Struts immediately, after appropriate testing.
  • Verify that no unauthorized system modifications have occurred on the system before applying the patch.
  • Apply the principle of Least Privilege to all systems and services.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.

 

REFERENCES:

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11776

 

Apache:

https://cwiki.apache.org/confluence/display/WW/S2-057
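
To act on the upgrade recommendation you first need to know where Struts is deployed. The script below is an added example, not part of the MS-ISAC advisory or of Apache's own tooling: it walks a directory tree, looks for `struts2-core-<version>.jar` files on disk and inside WAR/EAR archives, and flags versions older than the fixed releases named under SYSTEMS AFFECTED. It assumes the jars keep their standard file name, and it treats every release below 2.5.0 as belonging to the 2.3.35 line.

```python
import os
import re
import zipfile

# Fixed releases taken from the advisory's SYSTEMS AFFECTED list.
FIXED_23 = (2, 3, 35)
FIXED_25 = (2, 5, 17)
# Assumption: the jar keeps its standard name; renamed or shaded copies are missed.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")

def parse_version(text):
    """'2.3.16.3' -> (2, 3, 16, 3); short versions are padded to three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True if the version predates the fixed release on its branch."""
    if version >= (2, 5, 0):
        return version < FIXED_25
    return version < FIXED_23  # assumption: older lines are compared against 2.3.35

def struts_version(name):
    """Version tuple if the path names a struts2-core jar, else None."""
    match = JAR_RE.search(name.replace("\\", "/"))
    return parse_version(match.group(1)) if match else None

def scan(root):
    """Sorted (location, version, affected) for each struts2-core jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            names = [(path, fname)]
            # WAR/EAR files are zip archives; list bundled libraries too.
            if fname.lower().endswith((".war", ".ear")) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    names += [(path + "!" + n, n) for n in zf.namelist()]
            for location, name in names:
                version = struts_version(name)
                if version:
                    text = ".".join(map(str, version))
                    findings.append((location, text, is_affected(version)))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for location, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(("AFFECTED " if affected else "ok       ") + version + "  " + location)
```

Run it against the application server's deployment directory. A jar nested inside a WAR that is itself inside an EAR is not opened, so unpack those first.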


Aug 17

Critical Updates for Microsoft Products

Posted on August 17, 2018 at 11:55 AM by Kevin Taylor

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
