Application Heal Thyself
More is the word of the day: more software with more flaws that can be exploited by more attackers. In March and April, multiple events left cybersecurity teams scrambling to address real and potential attacks:
- March 6, 2017 — The Apache Foundation announces a previously undiscovered flaw in one of the most commonly used web application frameworks, Struts 2. The vulnerability dates to 2012. Two weeks later, several variations of the new attack vector are announced.
- April 06, 2017 — The first public report of a Struts 2 attack appears: malicious hackers use the new exploit to deliver ransomware targeting Windows servers.
- April 18, 2017 — Oracle announces the largest quarterly Critical Patch Update in the company’s history: 299 patches cover a variety of vulnerabilities including some known for years.
- April 27, 2017 — Verizon’s 10th Annual Breach Report states that healthcare is the second most attacked sector and that successful ransomware attacks doubled in 2016.
The common threads across each of these events: flawed third-party software code and the widespread use of vulnerable code.
via DZone.com Feed https://dzone.com
May 18, 2017 at 07:39AM