News

Equifax did not fix Apache Struts leak after notification

By admin
Spread the love

In a Congressional hearing, former Equifax CEO Richard Smith explained how attackers managed to break into his company’s systems. After the company became aware of a vulnerability in Apache Struts, it was unable to fix it.

According to Smith’s statement, the American Cert had warned about the leak on March 8. An internal email then circulated within Equifax calling for patches to be applied. According to company policy, this should have been done within 48 hours, but it didn’t work out. It is unclear whether the vulnerability was not found or whether a patch failed to implement.

Scans were supposed to have been carried out on March 15 that should have revealed the vulnerability, but that did not happen then either. The leak remained hidden for the rest of that same month, Smith said. It was previously known that the hack on Equifax was carried out via the vulnerability in Apache Struts. The hackers gained access to the company’s network on May 13, according to Smith’s statement, which was detected on July 29 by intercepting suspicious network traffic.

Equifax also announced Monday that the hired security firm Mandiant has completed its investigation. This would show that the total number of potentially affected people increases by 2.5 million Americans, bringing it to 145.5 million people. The investigation would further reveal that there was no access to databases outside the US.

You might also like
News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable

News

Sony and Microsoft sign agreement to keep Call of Duty on PlayStation

News

Valve releases major Team Fortress 2 update with community maps and new taunts

Exit mobile version