Related Posts
Beware of Sophisticated Phishing Campaigns That Attack Hotel Guests
Beware of Sophisticated Phishing Campaigns That Attack Hotel Guests
Phishing is a common cyberattack technique that involves tricking users into clicking on malicious links, downloading malicious attachments, or entering sensitive information on fake websites.
Phishing can affect anyone who uses the internet, but some groups are more vulnerable than others. One such group is hotel guests, who may be targeted by a sophisticated phishing campaign that exploits their trust in online booking services.
According to a report by Akamai, a security vendor, this phishing campaign involves a multi-stage attack that first compromises the hotel’s network and then contacts the hotel’s customers through the booking site’s messaging platform.
The attacker pretends to be the hotel and asks the customer to re-confirm their credit card details by clicking on a link that leads to a phishing page. The phishing page looks identical to the booking site’s payment page and collects the customer’s personal and financial information.
The report says that this phishing campaign has been active for at least four years and has targeted hotels, booking sites, and travel agents in various regions, especially in Asia.
In the context of cyber attacks, the perpetrator may employ a combination of basic and advanced techniques such as exploiting zero-day vulnerabilities, creating fraudulent digital certificates, and manipulating emotions.
These methods can be highly effective in achieving the attacker’s objectives and can pose significant risks to the targeted organization or system. It is important for businesses and individuals to remain vigilant and take proactive measures to mitigate these threats.
Document
FREE Demo
Deploy Advanced AI-Powered Email Security Solution
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
The attacker also deletes any traces of their activity after stealing the data and avoids targeting the same victim twice.
The report warns that this phishing campaign poses a serious threat to hotel guests, who may lose their personal data, sensitive information, and intellectual property to the attacker.
Hotel guests are advised to exercise caution and remain vigilant when receiving messages from hotels or booking sites. It is especially important to be wary of urgent requests or payment confirmation requests, according to the report.
To ensure the authenticity of messages, the report recommends several measures. These include verifying the sender’s email address, scrutinizing for any typos or grammatical errors, hovering over links to reveal their exact URL, and reaching out to the hotel or booking website for direct confirmation of the request.
According to the report, the phishing campaign showcases the advancement and complexity of phishing attacks. These attacks can take advantage of any possible avenue or weakness to infiltrate individuals who are not aware of the threat.
It is recommended in the report that individuals utilizing hotel amenities, as well as those browsing the internet, remain vigilant and knowledgeable about the indications of phishing. Additionally, reliable security measures and tools should be implemented to ensure online safety.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
The post Beware of Sophisticated Phishing Campaigns That Attack Hotel Guests appeared first on Cyber Security News.
Cyber Security News
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks
1,718,000+ Apache Struts 2 Installation Open to RCE Attacks
Threat actors target Apache Struts 2 due to vulnerabilities in its code that can be exploited for unauthorized access to web applications.
Exploiting these vulnerabilities allows attackers to execute arbitrary code that could lead to full system compromise.
As Apache Struts 2 is widely used in web development, successful attacks can impact many applications, making it an attractive target for those seeking widespread exploits and data breaches.
Cybersecurity researchers at CYFIRMA Research recently discovered more than 1,718,898 Apache Struts 2 installations are open to RCE (Remote code execution) attacks.
The RCE flaw was tracked as “CVE-2023-50164” by security analysts, and this flaw enables threat actors to perform remote code execution and file upload attacks.
Document
Free Webinar
Fastrack Compliance: The Path to ZERO-Vulnerability
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
Flaw profile
Vulnerability Type: Unauthenticated Remote Code Execution (RCE) via Apache Struts File Upload
CVE ID: CVE-2023-50164
CVSS Severity Score: 9.8 (Critical)
Application: Apache Struts 2
Impact: Allows unauthenticated attackers to execute arbitrary code by exploiting a file upload vulnerability
Severity: Critical
Affected Versions: Multiple versions of Apache Struts 2 are impacted; refer to the link
Patch Available: Yes
Technical analysis
Apache Struts 2 faces a major threat with CVE-2023-50164, which lets attackers execute code and upload malicious files.
CYFIRMA researchers exposed the flaw’s severity and tied it to a file upload weakness in the framework, posing serious security risks.
Exploiting this critical RCE vulnerability endangers system integrity and confidentiality and opens doors to data breaches.
Security experts highlight the exploit’s reliance on HTTP parameter case sensitivity that enables the threat actors to manipulate the variables that are critical in nature.
However, the Apache team responds strategically to a vulnerability by introducing equalsIgnoreCase() method, countering case sensitivity manipulation in recent commits.
The enhancement aims to strengthen the Apache Struts against parameter pollution leading to path traversal exploits. The vulnerability in AbstractMultiPartRequest.java allows the persistence of path traversal payloads.
The concerns also involve handling of the oversized temporary files during uploads which could pose a serious persistence threat.
Apache introduced a crucial commitment to counter the risks, ‘Always delete uploaded file,’ this ensures consistent removal of temporary files and also blocks the avenues for persistent attacks.
The commitment reflects proactive measures to address security concerns. Besides this, the recent code changes also affirm Apache’s commitment to enhancing framework security.
Apply Apache Struts 2 updates as soon as possible to mitigate the “CVE-2023-50164” flaw. Boost defense with custom rules, file upload monitoring, and improved firewall settings. Make sure to act promptly to stop any unauthorized access and code execution.
Try Kelltron’s cost-effective penetration testing services to evaluate digital systems security. Free demo available.
The post 1,718,000+ Apache Struts 2 Installation Open to RCE Attacks appeared first on Cyber Security News.
Cyber Security News