Last year’s Equifax hack can still teach us a lot – primarily, the importance of keeping your software updated.
This becomes even more important when a new vulnerability is reported, as disclosure can trigger an onslaught of attempted attacks. The credit reporting agency demonstrated this aptly when its software was compromised last year, just a week after Apache released a fix for the vulnerability.
A year on, this is still the case. Last month, a security researcher revealed a remote code execution flaw in the same popular enterprise software, Apache Struts. The vulnerability, known as CVE-2018-11776, allows an attacker to gain control over Struts-based web applications by simply sending a specially crafted URL to the vulnerable system.
Once again, we’ve seen proof-of-concept exploit code published across the internet and a rise in active exploitation attempts, as well as evidence that black hats are scanning the internet for vulnerable versions of this software.
Apache released updates to patch this most recent vulnerability, but only those businesses that updated their systems immediately will have been protected from this flaw.
This most recent vulnerability should act as a stark reminder that regularly updating software has to be an integral part of your security process. And if it isn’t already, now is the time to change that and put a formal process in place to make sure new vulnerabilities are flagged as soon as they are disclosed, and that systems are properly protected at all times.
To avoid any doubt and go one step further, it’s wise to scan your internet-facing infrastructure regularly to ensure that there are no weak links in your software.
If you need further assistance, our penetration testing services can help to provide you with peace of mind when it comes to your security. To find out more, get in touch.