Equifax has without notifying anyone updated their breach FAQ, now saying that it was breached using a vulnerability in Apache Struts.
“We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638.”
https://www.equifaxsecurity2017.com/frequently-asked-questions/
The bug was widely reported and patches have been available since March, two months before the Equifax breach started in mid-May.’
Patching is an update to software fixing programming or security issues, even if the vulnerability was not known before it is as soon as the patch is released.
Not patching systems now leaves you open to known vulnerabilities, the attackers knows your systems, that they are vulnerable and if not patched they have a way onto your systems.
If you want to protect yourself using Equifax, do not use the link sent to you in an email, that can be a phishing email, using a XSS (Cross-site scripting) vulnerability on their site (Yes, another security problem by Equifax).
Instead type https://www.alerts.equifax.com into your browser’s address bar.
