Equifax Hack Blamed on a Flaw in Apache Struts Framework

September 12th, 2017 Carolina Hacking News, Security 0 comments

A flaw in the Apache Struts framework is blamed for the exposure of the personal data of 143 million Equifax consumers.

Equifax, a consumer credit reporting agency, suffered a massive data breach in July this year in which the personal information of about 143 million American consumers was exposed. The firm is also facing a billion-dollar lawsuit over the breach.

Now, according to the findings of a Baird Equity Research report [PDF], the breach was the result of a security vulnerability in the Apache Struts framework, an open-source Model-View-Controller (MVC) framework for building Java web applications. The data exposed in the breach included names, dates of birth, residential addresses and Social Security numbers.

According to a blog post by Jeff Williams, co-founder and CTO of Contrast Security, the Struts vulnerability could be either CVE-2017-5638 (disclosed in March 2017 as S2-045, an OGNL expression injection through a crafted Content-Type header handled by the Jakarta multipart parser) or the recently disclosed CVE-2017-9805 (S2-052, unsafe XStream deserialization of XML payloads in the Struts REST plugin). He assumed it was the former because it is much easier to exploit and his company had observed widespread exploitation of CVE-2017-5638 over the preceding months.

Williams noted that, as is the norm, organizations took a long time, well over four months, to deal with CVE-2017-5638, because even in leading organizations the gap between identification of a flaw and updating the affected applications stretches over months. That is why massive breaches are unsurprising, and their leading cause is web application attacks.
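While a Struts upgrade is still pending, the usual compensating control is to detect attempts to trigger the flaw at the edge. The following is an added example, not code from the article, Contrast Security or the Struts project: CVE-2017-5638 is reached through the Content-Type header, and a legitimate Content-Type is a media type ("type/subtype" plus optional ";name=value" parameters per RFC 7231), so a header that is not a valid media type, or that carries OGNL expression markers, is worth alerting on regardless of the exact payload. The sample requests are constructed for the demo and are not real traffic.

```python
"""Flag HTTP requests whose Content-Type header cannot be a legitimate media type.

Added example (not from the article or any of the parties it quotes). The
request records below are constructed sample data, not captured traffic.
"""
import re

# RFC 7230 "token" characters; a media type is token "/" token followed by
# optional ";" parameter pairs whose value is a token or a quoted-string.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_PARAM = rf"{_TOKEN}=(?:{_TOKEN}|\"[^\"]*\")"
_MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}(?:\s*;\s*{_PARAM})*\s*$")

# Substrings that never appear in a benign media type but do appear in
# OGNL expressions; '{' and '(' are not token characters either, so the
# grammar check above would also reject them.
OGNL_MARKERS = ("%{", "${", "#_memberAccess", "@ognl.OgnlContext")

# Constructed sample requests: (method, path, Content-Type header value).
SAMPLE_REQUESTS = [
    ("POST", "/upload.action", "multipart/form-data; boundary=----abc123"),
    ("POST", "/api/data", "application/json"),
    ("POST", "/upload.action", 'multipart/form-data; boundary="---- 42"'),
    ("GET", "/index.action", "%{(#_='multipart/form-data').(#flag='ognl')}"),
    ("POST", "/index.action", "${#flag='ognl'}"),
    ("POST", "/legacy.action", "text/plain; charset"),  # parameter with no value
]


def is_valid_media_type(value: str) -> bool:
    """True when the header value parses as a media type per RFC 7231."""
    return bool(_MEDIA_TYPE.match(value))


def classify_content_type(value: str) -> str:
    """Return 'ognl' for explicit expression markers, 'malformed' for a value
    that is not a media type, or 'ok'."""
    if any(marker in value for marker in OGNL_MARKERS):
        return "ognl"
    if not is_valid_media_type(value):
        return "malformed"
    return "ok"


def scan_requests(requests):
    """Return one alert tuple per request whose Content-Type is suspicious."""
    alerts = []
    for method, path, ctype in requests:
        verdict = classify_content_type(ctype)
        if verdict != "ok":
            # Truncate the header in the alert so a long payload cannot flood the log.
            alerts.append((method, path, verdict, ctype[:60]))
    return alerts


if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS):
        print("ALERT", *alert)
```

The grammar check is deliberately the primary test: it catches any non-media-type header, including variants that avoid the well-known markers, while the marker list only labels the obvious cases so an analyst can triage them first.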

“The *average* Web application or API has 26.7 serious vulnerabilities. That is a staggering, unbelievable number. And organizations often have hundreds, thousands, or even tens of thousands of applications,” wrote Williams.

On the other hand, René Gielen, vice president of the Apache Struts project, states that the team behind Struts puts great effort into "securing and hardening the software" and always tries to fix problems as soon as they are identified.

However, Gielen urges that, to prevent breaches like Equifax's, users must know which supporting frameworks and libraries are embedded in the software products they use, and keep up with the security announcements that might affect those products.

Furthermore, users must update supporting frameworks promptly so that security fixes reach vulnerable products quickly. This matters because a majority of breaches happen through failure to update software components that have already been identified as vulnerable to exploitation.
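Knowing which framework versions are embedded in deployed applications, as Gielen recommends, starts with an inventory. The script below is an added example and not the article's, Apache's or Equifax's code. It assumes Struts jars follow the Maven naming convention struts2-core-<version>.jar, and it uses the fixed versions published in the Struts security bulletins: CVE-2017-5638 (S2-045) is fixed in 2.3.32 and 2.5.10.1, and CVE-2017-9805 (S2-052) in 2.3.34 and 2.5.13. The deployment tree it scans is constructed in a temporary directory for the demo.

```python
"""Inventory Struts core jars under a deployment tree and report which of the
two 2017 advisories each version is still exposed to.

Added example (not from the article or the Struts project). It assumes the
Maven jar naming convention struts2-core-<version>.jar and builds a
constructed sample tree of empty jar files to scan.
"""
import os
import re
import tempfile

# First fixed release per maintenance branch, from the Struts security bulletins.
FIXES = {
    "CVE-2017-5638": {"2.3": (2, 3, 32), "2.5": (2, 5, 10, 1)},  # S2-045
    "CVE-2017-9805": {"2.3": (2, 3, 34), "2.5": (2, 5, 13)},     # S2-052
}

JAR_NAME = re.compile(r"^struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(text):
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare element-wise, and a shorter
    prefix sorts before a longer one, so (2, 5, 10) < (2, 5, 10, 1)."""
    return tuple(int(part) for part in text.split("."))


def find_struts_jars(root):
    """Walk the tree and return (path, version tuple) for every Struts core jar."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            match = JAR_NAME.match(name)
            if match:
                found.append((os.path.join(dirpath, name), parse_version(match.group(1))))
    return found


def open_cves(version):
    """List the advisories a given struts2-core version has not received a fix for."""
    branch = f"{version[0]}.{version[1]}"
    exposed = []
    for cve, fixed_by_branch in FIXES.items():
        # A branch with no fix listed (e.g. 2.1 or 2.2) predates both fixes;
        # compare against the newest fixed release so it is reported as exposed.
        fixed = fixed_by_branch.get(branch, max(fixed_by_branch.values()))
        if version < fixed:
            exposed.append(cve)
    return exposed


def audit(root):
    """Map each Struts jar (relative path) to its list of unfixed advisories."""
    return {
        os.path.relpath(path, root): open_cves(version)
        for path, version in find_struts_jars(root)
    }


def build_demo_tree():
    """Create a constructed sample deployment tree with empty jar files."""
    root = tempfile.mkdtemp(prefix="webapps-")
    for rel in (
        "legacy/WEB-INF/lib/struts2-core-2.3.31.jar",
        "portal/WEB-INF/lib/struts2-core-2.3.32.jar",
        "api/WEB-INF/lib/struts2-core-2.5.13.jar",
        "api/WEB-INF/lib/commons-io-2.5.jar",  # not Struts; must be ignored
    ):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root


if __name__ == "__main__":
    for jar, cves in audit(build_demo_tree()).items():
        print(jar, "->", ", ".join(cves) if cves else "patched for both advisories")
```

In a real environment the same walk would run over every application server's lib directories and the output would feed a ticket per jar still below the fixed version; the version comparison is the part that must be exact, which is why releases such as 2.5.10.1 are kept as four-element tuples rather than floats or strings.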

In an email conversation with HackRead.com, Alex Smith, Director of Security Products at Intermedia, said: "While the scale of the Equifax breach doesn't reach the heights of some previous breaches, such as Yahoo, it is by far the most invasive when you look at all the sensitive personal data accessed. Impacting 143 million consumers touches well over 50 percent of Americans who rely on bank loans and credit scoring.

This latest breach could have wide-reaching implications for how Americans identify themselves in the future, such as when applying for banking and credit services – simply knowing a name, date of birth, address and social security number shouldn’t ever be enough. This breach could finally be the security wakeup call the US needs to widely adopt digital identity tokens, and potentially a digital national identity scheme similar to other countries such as Belgium.”


  • Tags
  • breach
  • Cyber Attack
  • Cyber Crime
  • Data
  • Equifax
  • hacking
  • internet
  • Privacy
  • security
  • Vulnerability
Carolina

Carolina works for HackRead as a technical writer. She is a Brazilian traveller who has been to almost every country around the world. She has a keen interest in technology, gadgets and social media.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.