Apache Struts

Podcast Episode 110: Why Patching Struts isn’t Enough and Hacking Electricity Demand with IoT?

Podcast: Play in new window | Download (Duration: 33:38 — 38.5MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s episode (#110): the second major flaw in Apache Struts 2 in as many years and has put the information security community on alert. But is this vulnerability as serious as the last, which resulted in the hack of the firm Equifax? We talk with an expert from the firm Synopsys.  And: we’ve heard a lot about the risk of cyber attacks on the critical infrastructure used to generate and distribute electricity. But what would happen if someone figured out to how to hack electricity demand? The Internet of Things just might make that possible. We talk to a Princeton University researcher behind a paper that discusses how even small changes in demand can have big consequences for the grid.

The Security Ledger podcast

After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why.

Podcast: Play in new window | Download (27.5MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeWhat makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax.

Equifax Executives Depart Amid Growing Backlash

In-brief: Equifax said on Friday that its Chief Information Officer and Chief Security Officer had “retired” in the wake of a massive data breach that leaked sensitive on some 143 million people. 

Beset by Lawsuits, Scams, Investigations, Equifax names Source of Breach

In-brief: Beset by a plunging share price, class action lawsuits in dozens of states, pending Congressional hearings and a FTC investigation, Equifax on Wednesday finally settled speculation and named a six month old hole in a common software platform, Apache Struts, as the cause of a massive hack.