Enlarge / One of two publicly available exploits for a critical Apache Struts vulnerability. (credit: Kevin Beaumont ) In a string of attacks that have escalated over the past 48 hours, hackers are actively exploiting a critical vulnerability that allows them to take almost complete control of Web servers used by banks, government agencies, and large Internet companies. The code-execution bug resides in the Apache Struts 2 Web application framework and is trivial to exploit. Although maintainers of the open source project patched the vulnerability on Monday , it remains under attack by hackers who are exploiting it to inject commands of their choice into Struts servers that have yet to install the update, researchers are warning. Making matters worse, at least two working exploits are publicly available. “If you run it against a vulnerable application, the result will be the remote execution of commands with the user running the server,” Vicente Motos wrote of one of the exploits in a post published late Wednesday afternoon on the Hack Players website. “We have dedicated hours to reporting to companies, governments, manufacturers, and even individuals to patch and correct the vulnerability as soon as possible, but the exploit has already jumped to the big pages of ‘advisories,’ and massive attempts to exploit the Internet have already been observed.” Read 8 remaining paragraphs | Comments
Originally posted here:
Critical vulnerability under “massive” attack imperils high-impact sites [Updated]
prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla’s developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a “This connection is not secure” warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification. Read more of this story at Slashdot. 
An anonymous reader shares a Quartz report: Annoying pauses in your streaming movies are going to become less common, thanks to a new trick Netflix is rolling out. It’s using artificial intelligence techniques to analyze each shot in a video and compress it without affecting the image quality, thus reducing the amount of data it uses. The new encoding method is aimed at the growing contingent of viewers in emerging economies who watch video on phones and tablets. “We’re allergic to rebuffering, ” said Todd Yellin, a vice president of innovation at Netflix. “No one wants to be interrupted in the middle of Bojack Horseman or Stranger Things.” Yellin hopes the new system, called Dynamic Optimizer, will keep those Netflix binges free of interruption when it’s introduced sometime in the next “couple of months.” He was demonstrating the system’s results at “Netflix House, ” a mansion in the hills overlooking Barcelona that the company has outfitted for the Mobile World Congress trade show. In one case, the image quality from a 555 kilobits per second (kbps) stream looked identical to one on a data link with half the bandwidth. Read more of this story at Slashdot.