Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 23 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Hackers “Strut” in Again… And Equifax (and 143 million customers) is probably just the first to fall victim

by The Gurus
September 21, 2017
in Editor's News
Hacker sinister threat
Share on FacebookShare on Twitter

Here we go again: Yet another major breach exploiting a well-known vulnerability to which a patch was available long before the attack!
Criminals who potentially gained access to the personal data of up to 143 million Equifax costumers, exploited an Apache Struts CVE-2017-5638 vulnerability. The stolen data may include Social Security numbers, birth dates, driver’s licenses, addresses and 209,000 credit card numbers – all of which may now be putting these folks at identity theft risk for the rest of their lives.
Apache Struts is a widely used open source component – a framework for Web servers – used by companies in commercial and in-house systems to take in and serve up data. The use case of this open-source component makes it a prime target for cyberattacks.
The suspected vulnerability was disclosed on March 7 and the patch was available at the SAME time. But this is not a novelty. In fact, the availability of patches at the time of disclosure of vulnerabilities is a very common. According to Flexera Vulnerability Review 2017, patches were available at the time of disclosure for 81 percent of the vulnerabilities on 2016.
The real problem is that it takes users much longer to patch vulnerabilities than it takes hackers to start exploiting them. This is not an isolated case. Just remember the consequences of the WannaCry attacks back in May. These examples show that organisations continue to leave a wide-open window of opportunity for hackers to take advantage of.
The cause of this problem is that organisations aren’t prepared to act timely on vulnerabilities – and this is the important point which is probably being forgotten while the Equifax breach makes headlines: Equifax has already identified the breach and is taking care of it, but they are probably just the first known victims.
“Equifax is probably just the first known victim,” said Jeff Luszcz, Vice President of Product Management at Flexera.” Once a case like this hits the news, it ignites the fire in the cybercrime community and hackers start poking around for new opportunities. We should expect a long tail of incidents and breaches in the months – and potentially years – to come. As we still see attacks targeting Heartbleed, a vulnerability more than three years old.”
This episode is an important reminder for business leaders that it’s urgent to radically rethink the organisation’s vision of cybersecurity. The incidents we see day-in, day-out in the news reveal that it’s the neglection of basic security best practices and poor integration of security policies into operations processes that makes it easy for hackers to be successful in their attacks – and makes it hard for security professionals to stop the attacks.
“Patching this type of vulnerability is certainly not as simple as patching a desktop application,” said Kasper Lindgaard, Senior Director of Secunia Research at Flexera. “When it comes to vulnerabilities affecting the software supply chain, it’s important to align software design and engineering, operational and security requirements. This isn’t an easy task. However, the time frames of initial disclosure of the vulnerability and its patch on March 7 – up to two months before the first reported unauthorised access at Equifax, and the further delay of the actual detection of the breach on July 29 – currently indicates that the vulnerability was not handled with the priority that it should have. This is a common issue across industries that business leaders need to address rather sooner than later.”
This attack highlights the need for organisations to identify their risk windows and implement strategies to reduce the risks of a breach like the one affecting Equifax.
Flexera is uniquely positioned to help organisations, software suppliers and buyers address the challenges that give hackers these large windows of opportunity. The company enables them track the open source components in their systems, and provides timely vulnerability intelligence for understanding risk and prioritisation – with tools to simply the processes of remediation.

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweet
Previous Post

GLOBAL VODAFONE SURVEY SHOWS STRONG CYBER SECURITY HELPS BUSINESSES TO GROW

Next Post

Next-Gen Cloud Sandboxing Improves Malware Detection and Remediation

Recent News

The Journey to Secure Access Service Edge (SASE)

The Journey to Secure Access Service Edge (SASE)

September 22, 2023
WatchGuard

WatchGuard acquires CyGlass for AI-powered network anomaly detection

September 21, 2023
'open' sign on window ledge

SME Cyber Security – Time for a New Approach?

September 21, 2023
Keeper Security Logo

Keeper Security Named a Market Leader in Privileged Access Management (PAM) by Enterprise Management Associates

September 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information