Security News > 2016 > May > Web servers and sites under attack via ImageMagick zero-day flaw (Help Net Security)
2016-05-04 15:33
A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely used by web services (social media, blogging sites, etc.). The flaw (CVE-2016–3714) is extremely easy to take advantage of – a booby-trapped image file that carries the exploit that will force the ImageMagick software to run malicious code on the server will do the trick. What’s more, it … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/NR37MxWM2I4/
Related news
- Rackspace internal monitoring web servers hit by zero-day (source)
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)