Imperva’s Top 10 Blogs of 2017

I recently took a step back to review all the content we shared in 2017 on the Imperva blog. We covered a broad range of topics including data security, cloud migration, application and API security, AI and machine learning, cybersecurity research, GDP…

ICANN, Duo Security, iPhone Hacking, and Whole Foods – Hack Naked News #143

The internet isn’t ready for DNSSEC, Netgear patches away, Whole Foods is the latest victim of a credit card breach, and more. Ferruh Mavituna and Sven Morgenroth of Netsparker join us to discuss the Apache Struts vulnerability and the Equifax breach on this episode of Hack Naked News! News ICANN Postpones Scheduled DNS Crypto Key […]

The post ICANN, Duo Security, iPhone Hacking, and Whole Foods – Hack Naked News #143 appeared first on Security Weekly.


Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed.

Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data…

Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop

Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers were first able to steal credit card numbers from Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time — when hackers accessed the company’s systems in mid-May 2017.

Equifax breach happened because of a missed patch

The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability in question was Apache Struts CVE-2017-5638. A failure to implement available patch CVE-2017-5638 was flagged in March 2017. It was discovered and reported by Chinese developer Nike Zheng. It was quickly patched by the Apache Struts team, but the disclosure was followed by active attacks via two very reliable exploits that …

Apache Struts 2 Flaws Affect Multiple Cisco Products

After the massive Equifax data breach, which was believed to have been caused by a vulnerability in Apache Struts, Cisco has initiated an investigation into its products that incorporate a version of the popular Apache Struts2 web application framework.

Apache…

Easily exploitable Apache Struts vulnerability opens businesses to attack

A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. It can be exploited easily, by sending a specially crafted web request to the application and, according to SANS ISC handler Adrien de Beaupre, a working exploit has already been spotted. About the vulnerability The flaw (CVE-2017-9805) was spotted during a static code analysis by researchers with software …