Godlike Productions - Conspiracy Forum
Users Online Now: 1,103 (Who's On?)Visitors Today: 17,807
Pageviews Today: 28,128Threads Today: 8Posts Today: 243
12:26 AM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw

 
Zer0pi3.14
Offer Upgrade

User ID: 8743788
United States
09/14/2017 11:01 AM
Report Abusive Post
Report Copyright Violation
Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw


"The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed.

Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a critical vulnerability on time, for which patches were already issued by the respected companies.

Rated critical with a maximum 10.0 score, the Apache Struts2 vulnerability (CVE-2017-5638) exploited in the Equifax breach was disclosed and fixed by Apache on March 6 with the release of Apache Struts version 2.3.32 or 2.5.10.1.

This flaw is separate from CVE-2017-9805, another Apache Struts2 vulnerability that was patched earlier this month, which was a programming bug that manifests due to the way Struts REST plugin handles XML payloads while deserializing them, and was fixed in Struts version 2.5.13.

Right after the disclosure of the vulnerability, hackers started actively exploiting the flaw in the wild to install rogue applications on affected web servers after its proof-of-concept (PoC) exploit code was uploaded to a Chinese site.

Despite patches were made available and proofs that the flaw was already under mass attack by hackers, Equifax failed to patched its Web applications against the flaw, which resulted in the breach of personal data of nearly half of the US population."


Full Article:
[link to thehackernews.com (secure)]
Zer0pi3.14  (OP)

User ID: 8743788
United States
09/14/2017 11:33 AM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
So basically this was a known flaw which which hackers were actively using.. and a patch was out to fix it about 2 months prior(March 6th) to the breach occurring.

Pretty retarded.
Zen & Zi

User ID: 74550956
United States
09/14/2017 11:42 AM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
It's intentional.

I'd bet this a fucked up financial gain strategy actually.

Ok, they're in the dog house now - but this is how it works...

Millions will rush to put a free initial lock on their credit. It costs around $7 - $10 to then unlock it so a creditor can see it (if you apply for a loan/credit/etc.) Then you have to pay the same amount to re-lock your credit.

Not to mention the millions that will now sign up for their credit protection program. Sure, it's free at first, but that monitoring service will expire.

Ka-Ching!
“Luck is what happens when preparation meets opportunity.” ~Seneca

You can lead the Democrats to knowledge, but you can't make them think.
Zer0pi3.14  (OP)

User ID: 8743788
United States
09/16/2017 10:33 AM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
bump
Anonymous Coward
User ID: 2319529
United States
09/19/2017 06:02 PM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
bump
Anonymous Coward
User ID: 75557157
United States
09/20/2017 09:29 PM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
Someone Made a Fake Equifax Site. Then Equifax Linked to It.

[link to www.nytimes.com (secure)]

For weeks, Equifax customer service has been directing victims to a fake phishing site

[link to www.theverge.com (secure)]
Anonymous Coward
User ID: 45545917
United States
09/20/2017 10:09 PM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
Equifax Releases Details on Cybersecurity Incident, Announces Personnel Changes
9/15/17

ATLANTA — As part of the company’s ongoing review of the cybersecurity incident announced September 7, 2017, Equifax Inc. (NYSE: EFX) today made personnel changes and released additional information regarding its preliminary findings about the incident.

The company announced that the Chief Information Officer and Chief Security Officer are retiring. Mark Rohrwasser has been appointed interim Chief Information Officer. Mr. Rohrwasser joined Equifax in 2016 and has led Equifax’s International IT operations since that time. Russ Ayres has been appointed interim Chief Security Officer. Mr. Ayres most recently served as a Vice President in the IT organization at Equifax. He will report directly to the Chief Information Officer. The personnel changes are effective immediately.


[link to www.equifaxsecurity2017.com (secure)]
Zen & Zi

User ID: 74550956
United States
09/20/2017 10:20 PM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
Someone Made a Fake Equifax Site. Then Equifax Linked to It.

[link to www.nytimes.com (secure)]

For weeks, Equifax customer service has been directing victims to a fake phishing site

[link to www.theverge.com (secure)]
 Quoting: Anonymous Coward 75557157


Incredible!

No one is this stupid. Like I said, this has to be intentional.
“Luck is what happens when preparation meets opportunity.” ~Seneca

You can lead the Democrats to knowledge, but you can't make them think.
Anonymous Coward
User ID: 44559546
Switzerland
09/20/2017 10:21 PM
Report Abusive Post
Report Copyright Violation
Re: Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw
They're stuck in the 90's