What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
AlienVault.webp 2019-03-20 13:00:00 Restart BEFORE patching (lien direct) Most folks who work with servers know the monthly drill: Patches are released by manufacturers -> Patches are tested -> Patches are deployed to Production.  What could possibly go wrong? Anyone who has ever experienced the nail-biting joy of patching, and then awaiting a restart, knows exactly what could go wrong.  Does anyone remember the really good old days when patches had to be manually staged prior to deployment? For those of you who entered the tech world after Windows NT was retired, consider yourself lucky! If you think about it, most organizations that patch on a monthly basis are considered to have an aggressive patching strategy.  As evidenced by the legendary Equifax breach, some organizations take months to apply patches. This is true even when the organization has been forewarned that the patch is a cure for a vulnerability that is being actively exploited, also known as a “Zero-day” vulnerability. Patching is never a flawless operation.  There is always one server that just seems to have problems.  What is the first response when this happens?  Blame the patch, of course!  After all, what else could have changed on the server?  Plenty, actually. Sometimes, removal of the patch doesn’t fix the problem.  I have seen the patch still held responsible for whatever has gone wrong with the server.  I am not blindly defending the patch authors, as there have been too many epic blunders in patching for me to exhibit that kind of optimism and not laugh at myself.  But what can we do to avoid the patch blame game? The simple solution is to restart the servers before deploying patches.  This is definitely an unorthodox approach, but it can certainly reduce troubleshooting time and “patch blame” when something goes wrong.  If you restart a server, and it doesn’t restart properly, that indicates that an underlying problem exists prior to any patching concern. 
This may seem like a waste of time; however, the alternative is usually more time consuming. If you patch a server, and it fails at restart, the first amount of time you will waste is trying to find the offending patch, and then removing the patch.  Then, upon the subsequent restart, the machine still fails.  Now what? Even if we scale this practice to 1000 servers, the time is still not wasted.  If you are confident that your servers can withstand a simple restart, then restart them all.  The odds are in your favor that most will restart without any problems.   If less than 1% of them fail, then you can address the problems there before falsely chasing the failure as a patch problem. Once all the servers restart normally, then, perform your normal patching, and feel free to blame the patch if the server fails after patching. The same approach could also be applied to workstations in a corporate environment.  Since most organizations do not engage automatic workstation patching on the corporate network, a pre-patch restart can be forced on workstations. Patching has come a long way from the early days when the internet was young and no vulnerabilities existed (insert sardonic smile here).  The rate of exploits and vulnerabilities has accelerated, requiring more immediate action towards protecting your networks.  Since patches are not without flaws, one easy way to rule out patching as the source of a problem is to restart before patching. Vulnerability Patching Equifax
DarkReading.webp 2019-03-19 14:30:00 The Case of the Missing Data (lien direct) The latest twist in the Equifax breach has serious implications for organizations. Equifax
SecurityWeek.webp 2019-03-11 16:31:00 Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says (lien direct) The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate's Permanent Subcommittee on Investigations reveals.  Data Breach Equifax
no_ico.webp 2019-03-11 15:30:00 US Senators Slam Equifax, Marriott Executives For Massive Data Breaches (lien direct) It has been reported that Equifax appeared before the United States Senate yesterday to discuss what the company has learned from one of the largest data breaches to hit corporate America. Last night, the Senate released a report on how Equifax handled its data security leading up to the data breach. The report details that they “neglected” cybersecurity ahead of the devastating … Guideline Equifax
Chercheur.webp 2019-03-08 16:12:03 MyEquifax.com Bypasses Credit Freeze PIN (lien direct) Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don't already have an account at the credit bureau's new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday. Equifax
Kaspersky.webp 2019-02-16 00:26:03 Where's the Equifax Data? Does It Matter? (lien direct) Threat-hunters say the breached data from the massive Equifax incident is nowhere to be found, indicating a spy job. Equifax
Kaspersky.webp 2019-02-15 22:30:01 Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps (lien direct) Data-exposure "lowlights" for the week ending Feb. 15, 2019. Data Breach Equifax
no_ico.webp 2019-02-15 21:30:00 Equifax Data Breach A Sign Of Global Cyberwarfare? (lien direct) The Equifax data breach in which millions of Americans had their personal details stolen may have been carried out by a foreign government in a bid to recruit U.S. spies, experts believe. Off the back of this, please see comments from Terry Ray, senior vice president and Imperva fellow who talks about how this is … Data Breach Equifax
no_ico.webp 2019-02-14 14:36:05 Equifax Partner Breach (lien direct) Cybercriminals found a way to penetrate Image-I-Nation Technologies, a North Carolina-based provider of software and hosting services, a company that services the three largest credit reporting services including Equifax. The hackers had access to sensitive information including social security numbers. BREACH #Equifax Partner #Breaches Customer #Data. To read more visit: https://t.co/N61M9KSQ2v #CyberSecurity #security #ThreatIntel — Paladion … Equifax
no_ico.webp 2019-01-31 23:30:04 Most Of The Fortune 100 Still Use The Flawed Software That Led To The Equifax Breach (lien direct) It has been reported that almost two years after Equifax's massive hack, the majority of Fortune 100 companies still aren't learning the lessons of using vulnerable software. In the last six months of 2018, two-thirds of the Fortune 100 companies downloaded a vulnerable version of Apache Struts, the same vulnerable server software that was used by hackers to steal the personal data on … Equifax
The_State_of_Security.webp 2019-01-28 04:00:01 Regulatory Fines, Prison Time Render “Check Box” Security Indefensible (lien direct) In May 2017, the Equifax data breach compromised critical credit and identity data for 56 percent of American adults, 15 million UK citizens and 20,000 Canadians. The Ponemon Institute estimates that the total cost to Equifax could approach $600M in direct expenses and fines. That doesn't include the cost of the security upgrades required to […] Data Breach Equifax
The_Hackers_News.webp 2019-01-15 03:51:04 How to Secure Your Mid-Size Organization From the Next Cyber Attack (lien direct) If you are responsible for the cybersecurity of a medium-sized company, you may assume your organization is too small to be targeted. Well, think again. While the major headlines tend to focus on large enterprises getting breached – such as Sony, Equifax, or Target – the actual reality is that small and mid-sized companies are experiencing similar threats. According to Verizon's 2018 Data Equifax
CSO.webp 2019-01-07 06:05:00 IDG Contributor Network: Managing identity and access management in uncertain times (lien direct) If we remember one thing from 2018, it is that we are all victims now through one breach or another. Every day, we hear more news about another data breach affecting millions of users with significant financial and reputational consequences to its victims. With massive breaches like Equifax, Facebook, Deloitte, Quora and Yahoo, it is clear that breach notification services and multi-factor authentication (MFA) are not enough to prevent the next data breach headline from appearing in tomorrow's newspapers. Organizations have started thinking holistically, and rightly so, about risk and approaches to security using frameworks such as CARTA, Zero Trust, NIST SP 800 and IDSA.  These frameworks offer progressive thinking and valuable approaches to modern identity strategy, but there is no one size fits all. These frameworks are akin to buying furniture from IKEA; assembly required, but with a lot more complexity and a lot more at stake. Data Breach Equifax Deloitte Yahoo
InfosecIsland.webp 2018-12-13 11:49:00 Conflicted External Auditors at Heart of Equifax Data Breach (lien direct) Equifax hired financial auditors and IT security auditors from different divisions of Ernst & Young, creating conflicts of interest that may have disincentivized both auditing teams from reporting problems that eventually led to the company's 2017 data breach. Data Breach Equifax
SecurityWeek.webp 2018-12-12 15:58:01 U.S. House Report Blasts Equifax Over Poor Security Leading to Massive 2017 Breach (lien direct) Equifax Could Have Prevented Massive Data Breach, Report From U.S. House Says Equifax
DarkReading.webp 2018-12-11 17:42:00 Equifax Breach Underscores Need for Accountability, Simpler Architectures (lien direct) A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.' Equifax
no_ico.webp 2018-12-11 16:00:05 House Oversight Committee on Equifax (lien direct) The House Oversight Committee has released a scathing report on Equifax. Through the investigation, the Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to Mandiant, the forensic firm hired to conduct an investigation … Equifax
WiredThreatLevel.webp 2018-12-07 14:00:00 Data Breaches: The Complete WIRED Guide (lien direct) Everything you ever wanted to know about Equifax, Marriott, and the problem with social security numbers. Equifax
no_ico.webp 2018-12-04 11:45:05 Senate Call For Data Security Laws In Wake Of Marriott Breach (lien direct) US Senator Mark Warner and a couple of colleagues are calling on Congress to pass data security laws to protect consumers in the wake of the Marriott breach, the latest in a long list of breaches including Facebook, Cathay Pacific, Equifax and a long list of other companies. Chris Olson, CEO at The Media Trust: “Data … Equifax
Kaspersky.webp 2018-11-09 22:50:04 Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies (lien direct) The results could start a wave of major damages for companies that collect and sell consumer information. Equifax
no_ico.webp 2018-11-05 17:15:01 Equifax Offers Free Credit Monitoring - Via Rival Experian (lien direct) A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor – Experian. And to do that, it will soon … Data Breach Equifax
Chercheur.webp 2018-11-01 16:47:01 Equifax Has Chosen Experian. Wait, What? (lien direct) A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor -- Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.  Data Breach Equifax
Blog.webp 2018-10-29 08:56:01 GUEST ESSAY: A guide to implementing best security practices - before the inevitable breach (lien direct) The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.” The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax's chief information security officer was a music major and did not have […] Equifax
grahamcluley.webp 2018-10-19 14:55:01 Manager who worked on Equifax's breach website sentenced for insider trading (lien direct) Sudhakar Reddy Bonthu wasn't told he was working on Equifax's breach notification website, but when he worked it out he used the information for his financial advantage. Read more in my article on the Hot for Security blog. Equifax
AlienVault.webp 2018-10-19 13:00:00 Things I Hearted this Week, 19th October 2018 (lien direct) It’s been another eventful week in the world of cyber security. So let’s just jump right into it. NCSC has Been Busy NCSC collaborated with Australia, Canada, New Zealand, UK, and the USA to give us a report that highlights which publicly-available tools criminals are using to aid their cyber crimes. Joint report on publicly available hacking tools | NCSC The agency also commented on how it keeps criminals at bay by stopping on average 10 attacks on the government per week. NCSC also published its Annual Review 2018 - the story of the second year of operations at the National Cyber Security Centre. Targeting Crypto Currencies It is estimated that cryptocurrency exchanges suffered a total loss of $882 million due to targeted attacks in 2017 and in the first three quarters of 2018. According to Group-IB experts, at least 14 crypto exchanges were hacked. Five attacks have been linked to North Korean hackers from Lazarus state-sponsored group, including the infamous attack on Japanese crypto exchange Coincheck, when $534 million in crypto was stolen. Targeted attacks on crypto exchanges resulted in a loss of $882 million | HelpNet Security Twitter Publishes Data on Iranian and Russian Troll Farms In an attempt to try and be more proactive in dealing with misinformation campaigns, Twitter has published its Elections Integrity dataset which includes attempted manipulation, including malicious automated accounts and spam. In other words it’s attempting to out - Iranian and Russian troll farms. Twitter’s focus is on a healthy public conversation | Twitter In light of this, it’s worth also revisiting this article by Mustafa Al-Bassam in which he researched UK intelligence doing the same thing targeting civilians in Iran. 
British Spies Used a URL Shortener to Honeypot Arab Spring Dissidents | Motherboard Equifax Engineer Sentenced An Equifax engineer gets eight months for earning $75,000 from insider trading. He figured out he was building a web portal for a breach involving Equifax, which turned out to be the 2017 breach, and so decided to ride the stock drop. Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading | ZDNet Mind the Skills Gap (ISC)2 has released its 2018 global cyber security workforce study and it looks like the cyber security skills gap has widened to 3 million. It’s worth bearing in mind that estimating the skills gap isn’t an eas Guideline Equifax APT 38
SecurityWeek.webp 2018-10-18 04:43:01 Ex-Equifax Manager Gets Home Confinement for Insider Trading (lien direct) A former Equifax manager was sentenced Tuesday to serve eight months home confinement for engaging in insider trading in the wake of the company's massive data breach last year. Data Breach Equifax
ZDNet.webp 2018-10-17 21:39:00 Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading (lien direct) SEC said engineer figured out on its own that the website he was building was for his own company's security breach. Equifax
no_ico.webp 2018-10-12 20:43:01 GAO Report on Equifax (lien direct) I have regularly asked why we don’t know more about the Equifax breach, including in comments in “That Was Close! Reward Reporting of Cybersecurity ‘Near Misses’.” These questions are not intended to attack Equifax. Rather, we can use their breach as a mirror to reflect, and ask questions about how defenses work, and learn things … Equifax
no_ico.webp 2018-10-09 14:30:01 Equifax: One Year Later (lien direct) A year ago, the Equifax breach that exposed personal data of over 145 million people to cyber attackers shocked the country. Everyone from cyber security firms to Congress weighed in, making predictions about what went wrong and how cybersecurity would adapt to prevent such attacks in the future. Most notable about the incident, was that … Equifax
MalwarebytesLabs.webp 2018-09-24 17:03:02 A week in security (September 17 – 23) (lien direct) A roundup of the security news from September 17–23, including Android scams, massive WordPress compromises, and high fines for Equifax. Equifax
no_ico.webp 2018-09-24 10:30:01 Lack Of Software Intelligence Led To Equifax (lien direct) In response to the news that Equifax is to be fined £500,000 by the ICO after it failed to protect the personal data of 15 million Britons, IT security experts commented below. Jake Moore, Security Specialist at ESET: “The ICO has given the highest possible fine under the 1998 Data Protection Act. If this breach had occurred after May 2018 … Equifax
The_State_of_Security.webp 2018-09-20 11:09:03 ICO to Fine Equifax £500,000 for 2017 Data Breach (lien direct) The Information Commissioner’s Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data Protection Act 1998 on Equifax. The […] Data Breach Equifax
ZDNet.webp 2018-09-20 07:25:00 Equifax fined £500,000 over customer data breach (lien direct) If the security incident had taken place after GDPR came into play, the fine may have been far higher. Data Breach Equifax
The_Hackers_News.webp 2018-09-20 06:54:05 UK Regulator Fines Equifax £500,000 Over 2017 Data Breach (lien direct) Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK's privacy watchdog for its last year's massive data breach that exposed personal and financial data of hundreds of millions of its customers. Yes, £500,000-that's the maximum fine allowed by the UK's Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion Data Breach Equifax
BBC.webp 2018-09-19 23:12:00 Equifax fined by ICO over data breach that hit Britons (lien direct) The UK's Information Commissioner's Office imposes a fine of £500,000 over the 2017 breach. Data Breach Equifax
DarkReading.webp 2018-09-10 15:30:00 GAO Says Equifax Missed Flaws, Intrusion in Massive Breach (lien direct) A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach. Equifax
Kaspersky.webp 2018-09-10 14:23:00 Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws (lien direct) By implementing the "Equifax bug," it's the first known time a Mirai IoT botnet variant has targeted an Apache Struts vulnerability. Equifax
SecurityAffairs.webp 2018-09-10 14:22:02 GAO Report shed the lights on the failures behind the Equifax hack (lien direct) A new report from the U.S. Government Accountability Office (GAO) provides detailed information of the Equifax hack. The Equifax hack occurred in May 2017 when attackers exploited the CVE-2017-5638 Apache Struts vulnerability in the Jakarta Multipart parser upload function. The flaw allowed the attacker to make a maliciously crafted request to an Apache web server and gain access […] Hack Equifax
DarkReading.webp 2018-09-10 12:47:00 The Equifax Breach One Year Later: 6 Action Items for Security Pros (lien direct) The Equifax breach last September was the largest consumer breach in history. We talked to experts about lessons learned and steps companies can take to prevent and minimize future breaches. Equifax
SecurityWeek.webp 2018-09-10 11:43:01 Attackers Made 9,000 Unauthorized Database Queries in Equifax Hack: Report (lien direct) It took Equifax 76 days to detect the massive 2017 data breach, despite the fact that attackers had conducted roughly 9,000 unauthorized queries on its databases, according to a new report from the U.S. Government Accountability Office (GAO). Equifax
SecurityAffairs.webp 2018-09-10 11:23:02 Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises (lien direct) Security experts with Unit 42 at Palo Alto Networks have discovered new variants of the Mirai and Gafgyt IoT malware targeting enterprises. Both botnets appear very interesting for two main reasons: The new Mirai variant targets the same Apache Struts vulnerability exploited in the 2017 Equifax data breach. The vulnerability affects the Jakarta Multipart parser upload […] Malware Vulnerability Equifax
itsecurityguru.webp 2018-09-10 11:22:00 A year after the Equifax hack exposed 145 million Americans' personal information, the Trump administration hasn't announced any punishments (lien direct) A new report by congressional investigators details how hackers broke into Equifax last year in a breach that exposed the financial information of more than 145 million Americans. ORIGINAL SOURCE: Business Insider Hack Equifax
no_ico.webp 2018-09-10 09:30:03 The Equifax Breach – One Year Later (lien direct) On September 7, 2017, Equifax disclosed the worst data breach in history. One year later, what have we learned? Pravin Kothari, CEO at CipherCloud: “One year after the Equifax breach, nothing has changed — our consumer data is still being hacked and exposed.  The real lesson to be learned is that you can’t keep cyber attackers out.  Most large … Equifax
ZDNet.webp 2018-09-07 18:17:01 US Government releases post-mortem report on Equifax hack (lien direct) Hack Equifax
Blog.webp 2018-09-02 14:50:02 NEW TECH: WhiteSource leverages automation to mitigate lurking open-source vulnerabilities (lien direct) Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a  “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors In today's world, quick innovations are a necessity, and software […] Hack Equifax
Blog.webp 2018-08-28 03:06:03 Podcast Episode 110: Why Patching Struts isn't Enough and Hacking Electricity Demand with IoT? (lien direct) In this week's episode (#110): the second major flaw in Apache Struts 2 in as many years and has put the information security community on alert. But is this vulnerability as serious as the last, which resulted in the hack of the firm Equifax? We talk with an expert from the firm Synopsys.  And: we've heard a lot about the risk of cyber... Hack Vulnerability Patching Equifax
SecurityWeek.webp 2018-08-27 17:07:03 Cyber Risk = Business Risk. Time for the Business-Aligned CISO (lien direct) Data breaches, ransomware and other cyber attacks causing massive reputation issues (Equifax), knocking down merger prices (Yahoo!) or interrupting operations on a global scale (the NotPetya virus victims), have elevated cybersecurity concerns from the server room to the boardroom. Ransomware NotPetya Equifax Yahoo
Chercheur.webp 2018-08-23 20:22:03 Experts Urge Rapid Patching of 'Struts' Bug (lien direct) In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw -- in a Web component known as Apache Struts -- led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside. Patching Equifax
WiredThreatLevel.webp 2018-07-25 12:00:00 Equifax's Security Overhaul, a Year After Its Epic Breach (lien direct) Nearly a year after hackers stole the personal data of 147 million people from Equifax, the company details how it's overhauling security. Equifax
CSO.webp 2018-07-18 04:30:00 IDG Contributor Network: N-dimensional behavioral biometrics: a viable solution for digital fraud? (lien direct) Identity fraud is expected to reach an all-time high in 2018. Javelin Research Center reported a record 16.7 million consumers fell victim last year, in large part due to the massive Equifax breach which left millions of consumers' data exposed to would-be hackers. Now, hackers are using exposed credit and debit card numbers to steal from bank and loyalty accounts, shifting to digital attacks without ever needing a physical card in their hands. According to Javelin, card-not-present fraud (CNP) is 81 percent more likely than point-of-sale fraud (PoS). In 2017, more consumers had their cards misused in a CNP transaction than at the cash register. Equifax
Last update at: 2024-05-13 17:08:15