Security News > 2016 > May > Web servers and sites under attack via ImageMagick zero-day flaw (Help Net Security)
2016-05-04 15:33
A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.). The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NR37MxWM2I4/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Here's what happens if you don't layer network security – or remove unused web shells (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Zero-day data security (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- New Windows Server 2012 zero-day gets free, unofficial patches (source)