Vulnerability in Apache Tomcat affects Windows

This week, the Alert Logic team highlights a vulnerability found in WhatsApp and how Apache Tomcat affects Windows.

Malware

Vulnerability in Apache Tomcat affects Windows 

A new vulnerability was reported in Apache Tomcat. An unauthorized attacker can execute arbitrary code on the target system. They can send a specially crafted HTTP PUT request to upload an arbitrary JSP file to the target system and then request the file to execute arbitrary code on the target system. The code will run with the privileges of the target service.

Windows-based systems with HTTP PUTs enabled are affected. Microsoft has released a large batch of security updates to patch the vulnerability.

References: Apache Tomcat | Apache Tomcat on Windows | Code Execution Vulnerability has been Patched in Apache Tomcat

Mitigation Strategies:

Data Breach

A Critical Vulnerability Found in WhatsApp

A software engineer has discovered a critical vulnerability in WhatsApp that lets anyone with a WhatsApp account and access to your phone number (the one tied to your WhatsApp account) know just how much time you spend on WhatsApp. The flaw, depending on how avid a WhatsApp user you are, could also let someone estimate fairly accurately things such as at what time you go to bed and at what time you wake up.

Anyone with a basic technical understanding of JavaScript and a Chrome extension can exploit the flaw and track an individual's WhatsApp usage. The tracking is done using the user's 'last seen' and 'online' status data. Tracking this data, the hacker can potentially check up on an individual's activity at any given time.

References: Hackers can Figure Out When You Go To Sleep Via a WhatsApp Flaw | WhatsApp Flaw Lets Hackers Know When You Fall Asleep | WhatsApp Flaw May Be Exploited to Reveal When a User is Online or is Talking to Someone Else

Mitigation Strategies:

Security Insights

More Security Insights and Industry News

Check out our new blog posts, plus you can follow the blog on our social media outlets.

This Week's Suspicious IP Addresses

128.199.115.119 60.191.40.196
185.188.207.15 185.94.111.1
218.95.249.42 192.240.123.140

*IP addresses provided by Recorded Future.