Candlelites

Everything from Everywhere

struts vulnerability used to attack canadian government sites

struts vulnerability used to attack canadian government sites News Article With The full text news. The Resource Link is down the post and you can View this News Article in the source page.



struts vulnerability used to attack canadian government sites

the open-source apache struts project first disclosed a high impact critical remote code execution vulnerability on march 6 and now it has claimed its first public victim. the government of canada confirmed on march 13 that some of its servers were breached by attackers making use of the apache struts flaw, also identified as cve-2017-5638.while the public disclosure for the apache struts flaw came on monday march 6, canadian federal it security administrators apparently weren't aware of the issue until late on wednesday march 8. the admission came in an ottawa briefing to canadian media agencies on march 13.the government of canada took multiple sites down on march 9 including statistics canada as well as the canada revenue agency (cra) websites, with service not restored until march 12.according to canadian government officials, only the statistics canada website was actually breached, though no personally identifiable or confidential information was stolen. in a video from the press briefing posted by the cbc, john glowacki, chief operating officer of shared services canada stated that nothing happens on government systems that isn't logged.further reading"we're able to trace through and identify who had access to what at a given time," glowacki said.according to glowacki's analysis, the window of vulnerability on the canadian government systems was limited. he hinted that it is likely that struts vulnerability is also having an impact on other countries beyond just...