Security News > 2016 > May > Web servers and sites under attack via ImageMagick zero-day flaw (Help Net Security)
2016-05-04 15:33
A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.). The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NR37MxWM2I4/
Related news
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- FTC orders GoDaddy to fix poor web hosting security practices (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)