Hackers are actively exploiting a critical vulnerability that allows them to take almost complete control of Web servers used by banks, government agencies, and large Internet companies. The code-execution bug resides in the Apache Struts 2 Web application framework and is trivial to exploit.
The vulnerability resides in what's known as the Jakarta file upload multipart parser, which according to official Apache Struts 2 documentation is a standard part of the framework and needs only a supporting library to function. Apache Struts versions affected by the vulnerability include Struts 2.3.5 through 2.3.31, and 2.5 through 2.5.10. Servers running any of these versions should upgrade to 2.3.32 or 2.5.10.1 immediately.
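To find deployments that fall in the affected ranges above, the following added example (not from the article or from the Apache Struts project) walks a directory tree and flags `struts2-core` jars by version, including jars packed inside WAR/EAR archives. It assumes the jars keep the standard `struts2-core-<version>.jar` file name; renamed or shaded jars will not be found.

```python
import re
import sys
import zipfile
from pathlib import Path

# Affected ranges as stated in the article (both bounds inclusive).
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
# Assumption: the core jar keeps its standard artifact file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def is_affected(version):
    """True if a dotted version string falls inside an affected range."""
    v = tuple(int(part) for part in version.split("."))
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def _affected_version(name):
    """Return the version if `name` is an affected struts2-core jar, else None."""
    m = JAR_RE.search(name)
    return m.group(1) if m and is_affected(m.group(1)) else None


def scan(root):
    """Return sorted (location, version) pairs for affected jars under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.suffix == ".jar":
            ver = _affected_version(path.name)
            if ver:
                hits.append((str(path), ver))
        elif path.suffix in (".war", ".ear"):
            try:
                with zipfile.ZipFile(path) as archive:
                    # Jars bundled in the archive, e.g. under WEB-INF/lib/.
                    for entry in archive.namelist():
                        ver = _affected_version(entry)
                        if ver:
                            hits.append((f"{path}!{entry}", ver))
            except zipfile.BadZipFile:
                continue  # unreadable archive: skip rather than abort the scan
    return sorted(hits)


if __name__ == "__main__":
    for location, version in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED struts2-core {version}: {location}")
```

Run it against an application server's deployment directory; an empty result only means no conventionally named affected jar was found.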
References: Hackers Exploit Apache Struts Vulnerability to Compromise Corporate Web Servers | 7 Things That Happened After WikiLeaks Dumped The CIA Hacking Files | Critical Vulnerability Under “Massive” Attack Imperils High-Impact Sites
RawPOS, which has been in operation since 2008, has compromised numerous retail operations of various sizes. Despite being almost a decade old, RawPOS is still going strong, and cybersecurity researchers have discovered a new version of it which they said has remained undetected by an unnamed 'legacy antivirus vendor' for over a month.
Researchers have concluded that the newer variant of RawPOS has no new functionality and is most likely an attempt to evade signatures, as evidenced by the areas of code that changed.
*IP addresses provided by Recorded Future.