
Technology


A critical security flaw in Apache Struts is under attack, so patch now

TechRadar News - Wed, 12/18/2024 - 09:10
  • Security researchers warn an Apache Struts 2 flaw is being actively exploited
  • The attack surface is relatively big, with companies worldwide possibly affected
  • A patch is available, and users are urged to apply it

A critical vulnerability in the Apache Struts 2 application framework is now under active exploitation, security researchers have warned, urging users to apply the patch or run the latest version as soon as possible.

Apache Struts 2 is an open source web application framework for developing Java-based web applications. It aims to simplify the creation of interactive web applications and is often used by large enterprises and government agencies.

Apache recently reported finding a “file upload logic” flaw in versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.33, and 6.0.0 to 6.3.0.2. Versions 6.4.0 and 7.0.0 were deemed safe. The bug is tracked as CVE-2024-53677, and has a severity score of 9.5/10 (critical), since it can be used to manipulate upload parameters, and thus enable path traversal. As a result, malicious actors can upload arbitrary files into restricted directories, enabling remote code execution (RCE), and thus data theft and system takeover.

Patching the flaw

Apache has released a patch for the flaw, but at the same time, a proof-of-concept (PoC) exploit was made publicly available.

The bare minimum users should do is upgrade to version 6.4.0, since this one does not use the flawed Struts' File Upload Interceptor component.

In their writeup, cybersecurity researchers from Vulcan stressed Apache Struts flaws were “prime targets for attackers”, reminding their readers about the Equifax breach from 2017, which was attributed to a similar flaw. They also said that Struts 2 has significant download volume - roughly 300,000 monthly requests - meaning the attack surface is quite large.

Finally, they said CISA already added multiple Struts RCE flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Via The Register

Categories: Technology

The Best Way to Keep Mice Away, According to a Rodent Research Director

CNET News - Wed, 12/18/2024 - 09:00
Laura Dillard is a rodent's worst enemy. We asked her about the best ways to stop mice from getting in and tips for trapping them when they breach a boundary.
Categories: Technology

High Performance, Ultra Luxury: This Year's Best Concept Cars video

CNET News - Wed, 12/18/2024 - 08:41
We round up the best, most electrifying concept cars of 2024. From ultra-luxury icons to autonomous coupes to an all-electric, tire-smoking drifting machine, each gives us a different vision of the future of automotive technology.
Categories: Technology

Your Fancy Wine Could Well Be Fake. Some Are Hoping to Sniff Out a Solution

WIRED Top Stories - Wed, 12/18/2024 - 08:30
One fifth of all wine sold worldwide could be fake. Now tech similar to MRI scans and gas-smelling, aroma-analyzing equipment might yield the answer.
Categories: Technology

FTC's Junk Fees Ban for Tickets and Travel to Go Into Effect by Next Summer

CNET News - Wed, 12/18/2024 - 08:16
The commission says the new rules will save people time and money, with more transparent pricing and fewer hidden fees.
Categories: Technology

I Took a Nap on Demand, Thanks to This $350 Headband

CNET News - Wed, 12/18/2024 - 08:14
Elemind uses artificial intelligence to read your brain waves and responds in real-time to help you fall asleep.
Categories: Technology

Petkit Purobot Ultra Review: Taking Litter Boxes to the Next Level

WIRED Top Stories - Wed, 12/18/2024 - 08:04
The world's first AI-powered automatic litter box dares to ask the question: What does it look like inside the box when my cat poops?
Categories: Technology

If You’re Quick You Can Get the Roku Express 4K Plus at Its Lowest-Ever Price

CNET News - Wed, 12/18/2024 - 08:03
If you want to upgrade your TV with better access to your favorite streaming services, then you should move quickly to get this media streamer for just $22.
Categories: Technology

Black Mirror star looks unrecognizable in new images for gritty Hulu show A Thousand Blows

TechRadar News - Wed, 12/18/2024 - 08:00

A Thousand Blows is looking like it'll be even more of a knockout new show when it arrives on Hulu in the US and Disney Plus internationally next year, following the release of new artwork.

Alongside the reveal of the new images, which show BAFTA award-winning actor Malachi Kirby playing the boxer Hezekiah Moscow aka 'Ching Hook', Disney also confirmed that the show will premiere on February 21, 2025, which means it'll arrive two days after the new Pixar series Win or Lose debuts.

With such a stacked February lineup, it's probably safe to assume that our best Disney Plus shows and best Hulu shows guides will be in need of an overhaul.


A Thousand Blows is made by Peaky Blinders creator Steven Knight, so you can count on it to fill that British period drama-shaped hole in your life when it arrives, because (yes, you guessed it) it's another period piece, centered around the world of boxing in Victorian London this time.

While the show is fictionalized, it's loosely based on the real lives of a group of East Londoners in the 1880s, who find themselves in the criminal underbelly of a bare-knuckle boxing scene. Such a setting requires a gritty cast that can pull it off and Kirby looks fighting ready in the new images.

According to Disney's plotline for the show, Hezekiah Moscow will find fortune and fame in the boxing ring but his new-found attention also attracts an infamous crime leader Mary Carr (Erin Doherty) and self-declared leader of East London boxing Sugar Goodson (Stephen Graham), who sets out to exploit him.

With such a talented cast onboard, I can't wait to stream A Thousand Blows when it arrives on Disney Plus in the UK on February 16, 2025.

Categories: Technology

Best Internet Providers in Houston

CNET News - Wed, 12/18/2024 - 07:45
Find the fastest broadband speeds and most affordable pricing with the best internet providers in Houston.
Categories: Technology

40 Techy Gifts Under $100 That We Tested and Love

WIRED Top Stories - Wed, 12/18/2024 - 07:34
Score a great gift for everyone on your list without breaking the bank. Every one of these gifts comes WIRED-recommended.
Categories: Technology

I Found the Best Price of 2024 on Anker's Prime Power Bank Just in Time for the Holidays

CNET News - Wed, 12/18/2024 - 07:24
Nab yourself or someone you love this powerful 20,000-mAh capacity multipoint charger for just $78 with this hefty 40% discount.
Categories: Technology

Best Essential Oil Diffusers for 2024

CNET News - Wed, 12/18/2024 - 07:13
The right essential oil diffuser can elevate your space with pleasant scents and wellness benefits. Here's our CNET-tested best.
Categories: Technology

Forget an iPhone Flip. I Want a Foldable iPad Instead

CNET News - Wed, 12/18/2024 - 07:00
Commentary: A foldable iPad would feel like an evolution of Apple's tablet, unlike foldable phones which can feel like two experiences crammed together.
Categories: Technology

What Will a Government Shutdown Mean for Your Benefits and Services?

CNET News - Wed, 12/18/2024 - 07:00
Congress has until Friday to approve funding for the federal government before it shuts down. But what would a shutdown actually mean for you and your family?
Categories: Technology

16 Anime Shows and Movies You Need to Watch Before the End of 2024

CNET News - Wed, 12/18/2024 - 07:00
It's not too late to watch some of this year's top fantasy, action and comedy anime releases.
Categories: Technology

I Tried AI to See How I'll Age. It Wasn't as Bad as I Expected

CNET News - Wed, 12/18/2024 - 07:00
Will using AI lead me to Botox or towards more natural treatments?
Categories: Technology

Best Cheap VPN for 2024: Privacy on a Budget

CNET News - Wed, 12/18/2024 - 07:00
Discover the best cheap VPNs for 2024. Enjoy top privacy features without breaking the bank. Keep your online activities private today.
Categories: Technology

Pro Tips: The Best Way to Charge Your Wireless Camera Batteries

CNET News - Wed, 12/18/2024 - 07:00
Get the best results for your wireless camera by charging it the right way -- and getting more battery life.
Categories: Technology

AT&T Internet Air Review: How Does This 5G Home Broadband Service Stack Up?

CNET News - Wed, 12/18/2024 - 07:00
AT&T's latest internet offering uses 5G to get you online. Should you try it out? CNET has the details.
Categories: Technology
