Having our heads buried in application security most days, we find that if you are not careful, you can get very technical about application security and forget about the people, money, risk and business priorities side of security. Let me explain that for a moment. Like everything in life, security is not black and white but shades of grey – what may be perfectly adequate in one scenario may be a big no-no in another.
On 7th September 2017, Equifax, an Atlanta-based US credit rating company, issued a press release stating that the company had suffered a massive data breach impacting 143 million Americans. The then former CEO Richard Smith said the hack was his number one worry, and as the story unfolded, the breach has been marked as the worst data breach in US history.
We all know that there is much that can be done to improve an organisation's cybersecurity posture, but it can be overwhelming when you look at the big picture. We see this every day. As we work with our clients, for those who are at the start of their journey, we try to instill the importance of a good cybersecurity posture and why cyber should be a live conversation across all levels of the organisation, from the board right through to the coalface.
Security researchers at lgtm.com have discovered a critical remote code execution vulnerability in Apache Struts — a popular open-source framework for developing web applications in the Java programming language. All versions of Struts since 2008 are affected; all web applications using the framework’s popular REST plugin are vulnerable. Users are advised to upgrade their Apache Struts components as a matter of urgency. This vulnerability has been addressed in Struts version 2.5.13.
Affected developers are urged to upgrade to Apache Struts version 2.5.13.
The flaw was reported to Apache Struts developers in July, with a patched version of the framework released today.
Apache Struts version 2.5.13 https://struts.apache.org/announce.html#a20170905
Dragonfly Technologies - Secure Solutions, Simplified
Whether it's infrastructure, data or application security, Dragonfly has the technical expertise to assist you in protecting your organisation's most critical assets.
We protect Australia's most security-conscious organisations.
The latest cybersecurity roundup of news for June 2017
In order to comply with the Payment Card Industry Data Security Standard (PCI DSS), merchants and service providers are required to have external vulnerability scans performed on their systems every quarter.
The challenges of a constantly evolving threat landscape, combined with limited IT budgets and the push for efficiencies in IT initiatives, herald the need for flexible security solutions for organisations of all sizes.
The cybersecurity landscape in 2016 continued to evolve in both predictable and unpredictable ways. The data breaches continued unabated, and cybersecurity took a greater profile both in corporate boardrooms and in the public sphere.
It is an all too familiar scenario, but have you ever stopped to think about how it happened and what could have been done to prevent it?
You no doubt have lots of options available to you, but beyond the hype and marketing, how do you identify the right organisation to team up with?
The world's largest home improvement retailer was hit by a massive data breach affecting debit and credit cards, with over 56 million cards impacted by the incident.
Have you ever wondered what a company does when they do a penetration test for you?
Tim Vernum takes us through his top 3 application security principles – a must for development teams.