Equifax couldn't find or patch vulnerable Struts implementations

Equifax couldn't find or patch vulnerable Struts implementations

7 years ago
Anonymous $wKBR2uNMvM

https://www.theregister.co.uk/2017/10/02/equifax_ceo_richard_smith_congressional_testimony/

Equifax was just as much of a trash-fire as it looked: the company saw the Apache Struts 2 vulnerability warning, failed to patch its systems, and held back a public announcement for weeks for fear of “copycat” attacks.

Those Infosec for Absolute Dummies tips were made official by ex-CEO Richard Smith, by way of evidence published by a US House committee ahead of his in-person appearance Tuesday.