The 5 Knows - Securing your Data

We all know that there is much that can be done to improve an organisation's cyber security posture, but it can be overwhelming when you look at the big picture. We see this every day. As we work with our clients, for those who are at the start of their journey, we try to instill the importance of good cybersecurity posture and why cyber should be a live conversation across all levels of the organisation, from the board right through to the coalface.

Severe Security Vulnerability - Apache Struts

Vendor

Apache Struts

Description

Security researchers at lgtm.com have discovered a critical remote code execution vulnerability in Apache Struts — a popular open-source framework for developing web applications in the Java programming language. All versions of Struts since 2008 are affected; all web applications using the framework’s popular REST plugin are vulnerable. Users are advised to upgrade their Apache Struts components as a matter of urgency. This vulnerability has been addressed in Struts version 2.5.13.
 
Affected developers are urged to upgrade to Apache Struts version 2.5.13.
 
The flaw was reported to Apache Struts developers in July, with a patched version of the framework released today.

 
Recommendation

Upgrade Immediately
 

Apache Struts version 2.5.13 https://struts.apache.org/announce.html#a20170905
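
An inventory check for the upgrade recommended above, as an added example (not code from Apache, lgtm.com or Dragonfly): it finds Struts core and REST plugin jars in a deployment tree, including inside WAR/EAR files, and flags any below 2.5.13. The function names and the Maven-style jar file names it matches are assumptions.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Fixed release named in the advisory above; adjust if the vendor bulletin
# lists a fixed release for another branch.
FIXED = (2, 5, 13)
# Assumption: jars keep their Maven names, e.g. struts2-rest-plugin-2.3.33.jar
JAR_RE = re.compile(r"(struts2-(?:core|rest-plugin))-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

def classify(jar_name):
    """Return (module, version, needs_upgrade), or None if not a Struts jar."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    version = tuple(int(part) for part in m.group(2).split("."))
    return m.group(1), m.group(2), version < FIXED

def scan_archive(data, label):
    """Scan WAR/EAR bytes for bundled Struts jars, recursing into nested archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            hit = classify(name)
            if hit:
                findings.append((f"{label}!{name}", *hit))
            elif name.lower().endswith((".war", ".ear")):
                findings += scan_archive(zf.read(name), f"{label}!{name}")
    return findings

def scan_tree(root):
    """Walk a deployment directory: loose jars plus jars inside WAR/EAR files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        hit = classify(path.name)
        if hit:
            findings.append((str(path), *hit))
        elif path.suffix.lower() in (".war", ".ear"):
            findings += scan_archive(path.read_bytes(), str(path))
    return findings

if __name__ == "__main__":
    for location, module, version, needs_upgrade in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'UPGRADE' if needs_upgrade else 'ok':8} {module} {version}  {location}")
```

The check relies on file names, so jars that were renamed or repackaged into another archive will not be reported and need a dependency-manifest review instead.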

Technical

https://lgtm.com/blog/apache_struts_CVE-2017-9805_announcement

Additional Resources

https://threatpost.com/patch-released-for-critical-apache-struts-bug/127809/

https://qz.com/1069960/researchers-just-discovered-a-bug-that-has-made-the-apache-struts-framework-vulnerable-to-simple-hacks-since-2008/

https://www.itnews.com.au/news/critical-apache-struts-vulnerability-menaces-enterprises-472645

http://www.zdnet.com/article/critical-security-bug-threatens-fortune-100-companies/?loc=newsletter_large_thumb_related&ftag=TREc64629f&bhid=24735745556402991340377214973076

About Dragonfly

Dragonfly Technologies - Secure Solutions, Simplified
Whether it's infrastructure, data or application security, Dragonfly has the technical expertise to assist you in protecting your organisation's most critical assets.

We protect Australia's most security-conscious organisations.

For immediate assistance, contact our team on 1300 663 220 or online
 

Security Skills Shortage Opportunity for Australia to Become Asia Pacific Security Hub

Cyber attackers have long had an advantage over IT organisations. With virtually unlimited resources at their disposal, attackers have only to find one weak link to gain access to corporate resources. IT organisations, on the other hand, have to secure and protect the entire IT environment. A security skills shortage makes this even more challenging.