A new vulnerability was reported in Apache Tomcat. An unauthorized attacker can execute arbitrary code on the target system. They can send a specially crafted HTTP PUT request to upload an arbitrary JSP file to the target system and then request the file to execute arbitrary code on the target system. The code will run with the privileges of the target service.
Windows-based systems with HTTP PUTs enabled are affected. Microsoft has released a large batch of security updates to patch the vulnerability.
A software engineer has discovered a critical vulnerability in WhatsApp that lets anyone with a WhatsApp account and access to your phone number (the one tied to your WhatsApp account) know just how much time you spend on WhatsApp. The flaw, depending on how avid a WhatsApp user you are, could also let someone estimate fairly accurately things such as at what time you go to bed and at what time you wake up.
References: Hackers can Figure Out When You Go To Sleep Via a WhatsApp Flaw | WhatsApp Flaw Lets Hackers Know When You Fall Asleep | WhatsApp Flaw May Be Exploited to Reveal When a User is Online or is Talking to Someone Else
Check out our new blog posts, plus you can follow the blog on our social media outlets.
*IP addresses provided by Recorded Future.
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.