Information Security News mailing list archives

Most of the Fortune 100 still use flawed software that led to the Equifax breach


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 30 Jan 2019 06:32:29 +0000 (UTC)

https://techcrunch.com/2019/01/29/flawed-software-equifax/

By Zack Whittaker
TechCrunch
January 29, 2019

Almost two years after Equifax's massive hack, the majority of Fortune 100 companies still aren't learning the lessons of using vulnerable software.

In the last six months of 2018, two-thirds of the Fortune 100 companies downloaded a vulnerable version of Apache Struts, the same vulnerable server software that was used by hackers to steal the personal data on close to 150 million consumers, according to data shared by Sonatype, an open-source automation firm.

That's despite almost two years' worth of patched Struts versions being released since the attack.

Sonatype wouldn't name the Fortune 100 firms that had downloaded the vulnerable software, nor was it clear what the software was used for. Sonatype did say that the companies included more than half of the 26 financial and 19 energy companies, and more than half of all healthcare and technology companies.

In all, more than 18,000 businesses downloaded vulnerable versions of Struts, the company said.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_

