Thursday September 14, 2017

Hackers Who Broke into Equifax Exploited Flaw in Open-Source Server Software

Equifax is blaming its failures on a vulnerability in Apache Struts, a popular open-source programming framework for building web applications in Java. The company says that hackers exploited the bug to break into its server in mid-May, even though a patch for the vulnerability was released months earlier.

Apache Struts has been widely used by companies and government agencies for years. It’s currently in use by at least 65% of Fortune 100 companies, according to researchers who discovered a separate vulnerability in the software in early September. "Organizations like Lockheed Martin, the IRS, Citigroup, Vodafone, Virgin Atlantic, Reader’s Digest, Office Depot, and SHOWTIME are known to have developed applications using the framework," the researchers wrote in a blog post. "This illustrates how widespread the risk is."
