The recent breach of Equifax, resulting in the theft of data from 143 million customers, is confirmed to have been caused by the exploitation of a known vulnerability in Apache Struts 2 (CVE-2017-5638). The attack started more than two months after the fix for the vulnerability had been made available, and Equifax went public with the story four months after the initial attack. Breakdowns in vulnerability management are a good example of why we see breaches. Many continue to see it as the management of hardware and configuration vulnerabilities, while software vulnerabilities remain undetected and open for hackers to exploit. Gaps in vulnerability management processes are certainly one of the main causes of the high number of high-profile breaches we see exploiting old, well-known vulnerabilities. Read the full blog, "The Equifax Breach and the tale 'The Emperor's New Clothes'", by Flexera's Product Marketing Manager here.