March 2017

LastPass Security Updates

 

What happened?

Two vulnerabilities were discovered in the LastPass browser extention.

 

What is the risk?

In certain circumstances, these vulnerabilities could be used to steal passwords or run malicious code, though there have been no confirmed incidents of stolen data or passwords.

 

What has LastPass done? 

Apache Struts2 Vulnerability

What happened?

A vulnerability has been discovered in Apache Struts2, a framework for providing application services through a web server. 

What is the risk?

When successfully exploited, this vulnerability gives a cyber attacker the ability to run commands on the web server running the affected software. Exploiting this vulnerability does not require sophisticated technical skill. Active exploits have been widely detected across the Internet. 

What is Harvard Information Security doing?