Aggregator

Service disruptions remain a critical concern for IT and business executives, with 88% of respondents saying they believe another major incident will occur in the next 12 months, according to PagerDuty. PagerDuty surveyed 1,000 IT and business executives who were director level and above, from the US, UK, Australia and Japan. Organizations must focus on preventing service disruptions 86% of executives surveyed now realize that they have been prioritizing security at the expense of readiness … More →

The post Service disruptions continue to blindside businesses appeared first on Help Net Security.

Managing cybersecurity and IT budgets is a critical element of organizational strategy. With increasing threats to data security, the rise of ransomware, and the need to protect IT infrastructure, organizations must invest wisely in cybersecurity to stay secure. This article shares key insights from cybersecurity budget surveys conducted in 2024. Despite massive security spending, 44% of CISOs fail to detect breaches Despite global information security spending projected to reach $215 billion in 2024, 44% of … More →

The post Cybersecurity spending trends and their impact on businesses appeared first on Help Net Security.

The mobile threat landscape continues to grow at an alarming rate as cybercrime groups shift their tactics and target mobile devices in the early stages of their attacks, according to a recent Lookout report. The report highlights insights behind a 17% increase QoQ (quarter on quarter) in enterprise-focused credential theft and phishing attempts, 32% increase QoQ in malicious app detections and a trend showing iOS devices are more exposed to phishing attacks than Android devices. … More →

The post iOS devices more exposed to phishing than Android appeared first on Help Net Security.

Apache 发布了一个安全更新，解决了 Tomcat Web 服务器中的一个重要漏洞，该漏洞可能导致攻击者实现远程代码执行。

Apache Tomcat 是一种开源 Web 服务器和 Servlet 容器，广泛用于部署和运行基于 Java 的 Web 应用程序。它为 Java Servlet、JavaServer Pages (JSP) 和 Java WebSocket 技术提供运行时环境。

该产品深受运行自定义 Web 应用程序的大型企业和依赖 Java 提供后端服务的 SaaS 提供商的欢迎。云和托管服务集成了 Tomcat 来进行应用程序托管，软件开发人员使用它来构建、测试和部署 Web 应用程序。

新版本中修复的漏洞被追踪为 CVE-2024-56337，并解决了 CVE-2024-50379 的不完整缓解措施，这是一个关键的远程代码执行 (RCE)，供应商已于 12 月 17 日发布了补丁。

人们意识到应用 CVE-2024-50379 的更新不足以保护系统，并决定发布 CVE-2024-56337强调手动操作的必要性。

这两个问题本质上是完全相同的漏洞，但决定使用新的 CVE ID 是为了提高受影响系统管理员的认识。该安全问题是一个检查时间使用时间 (TOCTOU) 竞争条件漏洞，该漏洞会影响启用默认 Servlet 写入（“只读”初始化参数设置为 false）并在不区分大小写的文件系统上运行的系统。

该问题影响 Apache Tomcat 11.0.0-M1 至 11.0.1、10.1.0-M1 至 10.1.33 以及 9.0.0.M1 至 9.0.97。用户应升级到最新的 Tomcat 版本：11.0.2、10.1.34 和 9.0.98。

解决该问题需要采取额外的步骤，根据所使用的 Java 版本，除了升级之外，用户还需要执行以下操作：

·对于 Java 8 或 11，建议将系统属性“sun.io.useCanonCaches”设置为“false”（默认值：true）。

·对于 Java 17，请确保“sun.io.useCanonCaches”（如果设置）配置为 false（默认值：false）。

·对于 Java 21 及更高版本，无需配置。该属性和有问题的缓存已被删除。

Apache 团队分享了即将推出的 Tomcat 版本（11.0.3、10.1.35 和 9.0.99）中的安全增强计划。

具体来说，Tomcat 将在不区分大小写的文件系统上启用默认 servlet 的写访问权限之前检查“sun.io.useCanonCaches”设置是否正确，并在可能的情况下将“sun.io.useCanonCaches”默认为 false。这些更改旨在自动实施更安全的配置，并降低 CVE-2024-50379 和 CVE-2024-56337 被利用的风险。