Apache Struts2 Remote Code Execution Vulnerability (S2-045)

Overview Apache Struts2 is prone to a remote code execution vulnerability (CNNVD-201703-152) in the Jakarta Multipart parser plug-in. When uploading a file with this plug-in, an attacker could change the value of the Content-Type header field of an HTTP request to trigger this vulnerability, causing remote code execution. For details, […]

Shamoon 2: Back On the Prowl

Authors: Stephen Gates, Chief Research Intelligence Analyst & Cody Mercer, Senior Intelligence Threat Researcher Overview From reports in late January 2017, the Shamoon malware is back. Shamoon wipes the disks of computers infected with the malware. Apparently a new Shamoon variant prompted Saudi Arabia telecoms authority to issue a warning on […]

Overview & Analysis of a Threat Intelligence Ecosystem

Threat Analysis

Authors: Richard Zhao, CTO & Cody Mercer, Senior Intelligence Threat Researcher Security Event Investigation and Threat Intelligence Over a year ago I purposed the three main tenants encompassing a successful Threat Intelligence framework: Define a system infrastructure for security event disclosure and case analysis. Clearly delineate security disclosure responsibilities to respective […]