In September of 2017, Equifax announced that extremely sensitive data, including social security numbers and driver’s license information, had been exfiltrated by hackers via the Apache Struts framework used to develop the credit rater’s website – a framework that powers thousands of large enterprises’ websites as well. Given the scope of the damage enabled by criminal possession of the data, the potential consequences to consumers and banks, and the costs of remediation, are staggering. What’s tragic is that the same attack method used to exploit this vulnerability as a zero-day could also be used to exploit a . . .
From the Fall 2017 Issue
Leave a Comment