Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: #Struts2 Update; Drupal7 Services Module RCE; Haraka Xploit - SANS Internet Storm Center #Struts2 Update; Drupal7 Services Module RCE; Haraka Xploit


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
podcast logo

ISC StormCast for Friday, March 10th 2017

A daily summary of network and system security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Friday, March 10th 2017
Length: 5:18 minutes
Today's Headline: #Struts2 Update; Drupal7 Services Module RCE; Haraka Xploit

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

Struts 2 Update
https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/

Exploits Against Haraka Mail Server
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py

Android Password Stealing Apps
http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/

Drupal Services Module Vulnerability and Exploit
https://www.ambionics.io/blog/drupal-services-module-rce
https://www.drupal.org/node/2858847

Discussion

Thank you Johannes B. Ullrich,
Posted by Netmanzim on Fri Mar 10 2017, 09:42

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Interested in attending one of my classes? See below for my current schedule.

IPv6 EssentialsWashingtonDec 12th - Dec 13th 2017
Defending Web Applications Security EssentialsWashingtonDec 14th - Dec 19th 2017