March 2017

LastPass Security Updates


What happened?

Two vulnerabilities were discovered in the LastPass browser extension.


What is the risk?

In certain circumstances, these vulnerabilities could be used to steal passwords or run malicious code, though there have been no confirmed incidents of stolen data or passwords.


What has LastPass done? 

All versions of the LastPass browser extension have been updated to fix these vulnerabilities and are being pushed to clients. Instructions for...

Read more about LastPass Security Updates

Apache Struts2 Vulnerability

What happened?

A vulnerability has been discovered in Apache Struts2, a framework for providing application services through a web server. 

What is the risk?

When successfully exploited, this vulnerability gives a cyber attacker the ability to run commands on the web server running the affected software. Exploiting this vulnerability does not require sophisticated technical skill. Active exploits have been widely detected across the Internet. 

What is Harvard Information Security doing?


Read more about Apache Struts2 Vulnerability