{"id":9223,"date":"2017-09-12T04:10:06","date_gmt":"2017-09-12T12:10:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/12\/news-2996\/"},"modified":"2017-09-12T04:10:06","modified_gmt":"2017-09-12T12:10:06","slug":"news-2996","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/12\/news-2996\/","title":{"rendered":"Equifax breach: What you need to know [updated]"},"content":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Fri, 08 Sep 2017 07:02:47 +0000<\/strong><\/p>\n

[updates 9\/12\/2017]<\/h3>\n

You can follow Equifax’s efforts in response to this incident here:\u00a0https:\/\/www.equifaxsecurity2017.com<\/a><\/p>\n

Over 30 lawsuits have been filed against Equifax following the breach according to Reuters<\/a>.<\/p>\n

Quartz reported<\/a>\u00a0that the vulnerability they mentioned\u00a0was in a popular open-source software package called Apache Struts, which is a programming framework for building web applications in Java. Two vulnerabilities in Struts have been discovered so far in 2017. The vulnerability announced on Sept. 4 has existed in Struts since 2008.<\/p>\n

Apache responded to that report with\u00a0this Apache Struts Statement on Equifax Security Breach<\/a>.<\/p>\n

 <\/p>\n

On July 29, 2017, Equifax discovered that attackers had gained unauthorized access to private data belonging to an estimated 143 million Americans by exploiting a vulnerability in a website application. It is unknown at this point whether said vulnerability was a zero-day or had already been patched. The former would indicate that other companies could have also been attacked, while the latter would reflect on Equifax’s overall\u00a0security posture.<\/p>\n

According to Equifax<\/a>, online criminals maintained their presence from mid-May through July 2017 and had access to:<\/p>\n