Application Heal Thyself

More is the word of the day: more software with more flaws that can be exploited by more attackers. In March and April, multiple events left cybersecurity teams scrambling to address real and potential attacks:

  • March 6, 2017 — The Apache Foundation announces a previously undiscovered flaw in one of the most commonly used web application frameworks, Struts 2. The vulnerability dates to 2012. Two weeks later, several variations of the new attack vector are announced.
  • April 6, 2017 — The first public report of a Struts 2 attack appears: malicious hackers use the new exploit to deliver ransomware targeting Windows servers.
  • April 18, 2017 — Oracle announces the largest quarterly Critical Patch Update in the company’s history: 299 patches cover a variety of vulnerabilities including some known for years.
  • April 27, 2017 — Verizon’s 10th Annual Breach Report states that healthcare is the second most attacked sector and that successful ransomware attacks doubled in 2016.

The common threads across each of these events: flawed third-party software code and the widespread use of vulnerable code.


via Feed

May 18, 2017 at 07:39AM

