In March 2017, the US-CERT (U.S. Computer Emergency Readiness Team) alerted businesses to a new critical security vulnerability found in Apache Struts, an open-source framework used to build Java web applications, and encouraged those using a vulnerable version of the software to immediately update to a new version for free. One business US-CERT alerted was Equifax, a consumer-reporting agency in the U.S. that offers credit reporting and other services. Unfortunately, despite some haphazard attempts by Equifax to address the problem, the vulnerability remained unpatched for several months.
The post Equifax Settlement Is a Cautionary Tale appeared first on Connected World.