The week in security: Warnings on exploits as malware Struts its stuff

Plans to collect and analyse large volumes of performance data for operational benefit are nothing new, but logistics of managing so much data have proven problematic in the past.

For national wholesale network operator nbn, however, smarter use of data has helped it turn 20TB to 30TB of daily network data into a proactive tool for managing network congestion and identifying security and other issues before they happen.

With the strength of Google behind it, file-scanning site VirusTotal was the natural choice for the US Department of Defence’s submission of its first two malware samples – the Russia-linked LoJack.

A vulnerability within Struts 2.3 was flagged as using a file-upload library that had a two-year-old remotely exploitable security flaw, Adobe warned – posing problems for anyone using the platform.

Cisco’s search for the bug had turned up yet another exploit for the firm, with the DIRTY CoW exploit creating lingering problems for users of its vulnerable switches.

The proliferation of unknown exploits can wreak havoc on victim networks – as Canada’s St Francis Xavier University learned after an infection by a cryptocurrency miner began using so much CPU power that the university had to shut down its entire network.