Security News > 2016 > May > Web servers and sites under attack via ImageMagick zero-day flaw (Help Net Security)

A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.). The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NR37MxWM2I4/
Related news
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Hijacked Microsoft web domain injects spam into SharePoint servers (source)