Sangfor Blog

Struts2 devMode Remote Code Execution Vulnerability

18/07/2016 17:25:31

In recent months, Struts2 exposed several critical vulnerabilities. This vulnerability appears when devMode is enabled, and allows attackers to execute code remotely. Even arbitrary instructions can be executed remotely if WebService startup privilege is the highest, such as commands for shutdown, creating new user accounts, deleting all the files on the server, and so on. ...

The hacker behind the Twitter account 0x2Taylor is claiming to have breached one of the Amazon servers containing 80,000 login credentials of Kindle users.

13/07/2016 17:10:26

The hacker 0x2Taylor is claiming to have breached an Amazon server containing login credentials of Kindle users. As a proof the hack, the hacker leaked online more than 80,000 credentials belonging to Amazon users, he also explained that the company ignored his warnings about the existence of vulnerabilities in its servers....

New Android malware has already infected 10 million devices worldwide

07/07/2016 17:00:58

Another day, another report of Android malware wreaking havoc across the world. Earlier this month, security researchers from Check Point published a report on a newly discovered piece of malware called HummingBad that has reportedly infected as many as 10 million devices worldwide....

Struts2 Exposed Remote Code Execution Vulnerability(S2-037)

28/06/2016 17:00:46

Struts2 revealed a vulnerability of high-risk named S2-037, CVE Number: CVE - 2016-4438, which allows hackers to take advantage of the vulnerability to directly execute arbitrary code, upload files, execute a remote command & control server, and steal all of the user's data directly. This vulnerability is affecting a wide range Struts versions....

Hacker steals 45 million accounts from hundreds of car, tech, sports forums

17/06/2016 17:00:04

A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities....

Charging your smartphone’s battery over USB can be dangerous

27/05/2016 16:50:35

Chances are that each of us has found ourselves in a situation where our phone is dying and we have no charger on hand, but at the same time we desperately need to stay connected — to answer an important call, receive a text message or email, whatever....

Bank Hack – How to steal $25 Billion with a few lines of code

19/05/2016 16:55:10

The security researcher Sathya Prakash discovered that the critical vulnerabilities reside in the mobile banking application used by the bank customers....

Vulnerability Alert: ImageMagick Remote Code Execution Vulnerability (CVE-2016-3714)

06/05/2016 16:50:19

On Tuesday, May 3 2016, ImageMagick announced a zero-day vulnerability (CVE-2016-3714) in the ImageMagick software. The attacker can exploit the vulnerability to execute arbitrary code remotely, intercept important information and take over the servers eventually....

Struts2 was exposed high-risk vulnerability, NGAF will protect you !

27/04/2016 10:25:03

Struts2 was exposed high risk vulnerability s2-032, CVE-2016-3081, attackers could execute arbitrary remote commands through this vulnerability.The financial industry has become the hardest hit by this vulnerability for the moment,other web site which uses Struts2 open source framework should do the security work in time....

Locky Ransomware Virus

30/03/2016 10:30:03

Locky ransomware virus often spreads via emails and malicious links to Trojans. Once the file infected with the Locky virus is downloaded, it runs automatically and deletes the ransomware sample to evade anti-virus detection. Then, the Locky virus leverages Internet access permission to connect to the C&C server controlled by a hacker in order to upload information from infected endpoint devices and download a private key from the C&C server, which will be written into the registry. Therefore, files in all local disk drives will be traversed and encrypted, and texts will be presented in desktop to tell victims to pay the ransom (using BitCoins in most cases)....

Our Social Networks

Global Service Center: