On September 7, months after the Apache
Posted: Wed Feb 12, 2025 10:37 am
Apache Struts
The MS17-010 vulnerability that made WannaCry and NotPetya possible was not the only one in 2017 that had serious consequences.
On March 6, it was reported that the open-source Apache Struts system had a vulnerability that allowed remote code execution. It was assigned the designation CVE-2017-5638. Within days, it was already being actively exploited by attackers, despite the availability of a fix.
On September 7, months after the Apache Struts vulnerability was announced, credit reporting agency Equifax reported that it had been the victim of a data breach involving 145.5 million Americans. The bureau cited Struts vulnerability CVE-2017-5638 as the root cause.
It is still not known why Equifax IT failed to patch the Struts vulnerability in its system before it was hacked.
Yahoo Crash
While the Equifax breach was widely publicized, a data breach was reported by Yahoo on October 3, when the company announced that data on 3 billion of its users had been stolen in 2013.
Yahoo first publicly disclosed the theft in December 2016, saying at the time that 1 billion users were at risk. As of June 13, Yahoo is no longer an independent company and is now owned by Verizon in a $4.5 billion deal.
Cloud Security Breaches
This year has also seen a significant number of data thefts directly related to organizations leaving cloud storage open.
Verizon, the Republican National Committee, and Accenture were among the many organizations that accidentally left sensitive data in public clouds. In many cases, the root cause of the incidents was Amazon S3 storage buckets that were not configured to allow access only to authorized users.
Throughout 2017, Amazon took many steps to improve the security of S3, including the launch of a machine learning service called Macie that automatically detects when S3 stores information that can be linked to a specific person. Amazon also provides enhanced S3 configuration options to reduce the risk of inadvertently exposing sensitive data to the public.