What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
BBC.webp 2018-03-01 15:10:04 Equifax finds more victims of 2017 breach (lien direct) Credit-rating company Equifax reveals more people were hit in a massive data breach than previously thought. Equifax
DarkReading.webp 2018-03-01 11:19:00 Equifax Finds 2.4 Million Additional US Victims of its Data Breach (lien direct) Equifax
itsecurityguru.webp 2018-02-27 11:04:00 50 percent of adults have not checked their credit since the Equifax breach (lien direct) Half of U.S. adults in a new survey said they have not looked at their credit report or credit score since a huge data breach last year at credit scoring company Equifax compromised the personal information of at least 145.5 million U.S. consumers. CreditCards.com’s latest study also found that 18 percent of the 1,164 adults surveyed have never ... Equifax
bleepingcomputer.webp 2018-02-22 06:41:02 After Intel & Equifax Incidents, SEC Warns Execs Not to Trade Stock While Investigating Security Incidents (lien direct) The US Securities and Exchange Commission (SEC) released a statement yesterday, warning high-ranking executives not to trade stocks before disclosing breaches, major vulnerabilities, and other cybersecurity-related incidents. [...] Equifax
BBC.webp 2018-02-12 14:32:01 Equifax under pressure after data breach update (lien direct) A US senator gives the credit rating firm a week to reveal more information about 2017's cyber-attack. Equifax
SecurityWeek.webp 2018-02-12 10:07:33 New Details Surface on Equifax Breach (lien direct) Documents provided recently by Equifax to senators revealed that the breach suffered by the company last year may have involved types of data not mentioned in the initial disclosure of the incident. Equifax
ZDNet.webp 2018-02-10 19:25:00 Equifax says more private data was stolen in 2017 breach than first revealed (lien direct) The credit rating agency said it didn't originally announce "potential" data points, like tax identification numbers, that "may have been accessed" by hackers. Equifax
The_State_of_Security.webp 2018-01-31 04:01:08 The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017 (lien direct) The second half of 2017 was busy in terms of digital security events. In September, consumer reporting agency Equifax announced a breach that potentially compromised the Social Security Numbers and other personal information of 143 million U.S. consumers. Less than two months later, organizations in Russia and Ukraine suffered infections at the hands of BadRabbit, […] Equifax
AlienVault.webp 2018-01-29 14:00:00 Hackers Using AI? An Increase in the FUD Factor (lien direct) It’s hard to envision hackers, whether skiddies, APTs, or anything in between, using any sort of artificial intelligence (AI) or machine learning (ML) to attack a target network. Despite the availability of these sophisticated technologies, the most simplistic attack tactics continue to work. Enterprises aren’t patching known vulnerabilities; freely available malware can run in memory undetected; users continue to click on links they receive in email or allow macros on that innocent-looking office document; and internal network logs are often not collected and even more rarely kept for any period. If these methods work, why would adversaries turn to more complex solutions like AI or ML? Looking back on 2017, perhaps the biggest takeaway is that the most obvious methods still work. Adversaries seek the greatest mission gain with the lowest amount of resources expended and equities exposed. For example, Equifax wasn’t pwned by a fancy ZeroDay exploit or an insider with a USB drive; PII on millions of consumers wasn’t culled from S3 buckets because Amazon’s infrastructure was hacked by an APT; WannaCry wasn’t the result of a ZeroDay vulnerability; and people (amazingly) clicked Yes to download an update to Adobe Flash, giving us BadRabbit! Sticking with what works continues to pay off for all adversaries, irrespective of their resources, motives or intent. So, what’s with the fear mongering over hackers using AI and ML to attack their targets? AI (by which I mean both Machine Learning and AI in general) is the gift that keeps on giving. Most in the InfoSec community agree that AI has its place in the defense of the enterprise.
The problem is that few people understand how AI works or how to best apply it, and many cybersecurity companies take advantage of this situation by making fancy sounding claims about the number of models they apply to the data or the types of mathematics they use to generate results. These claims generally go hand-in-hand with a dark-themed user interface with some sort of spinning globe or pew-pew map. And while defenders work to sift through the marketing blather and outrageous claims about cybersecurity products that use AI, some in the security world take further advantage, and extend the FUD further: what could be better to sow fear and confusion than claiming that hackers are now using AI to attack your network? The more observant in the InfoSec community have noticed that this language tends to originate with companies that stand to profit on the very same FUD that permeates the market. This FUD spreading takes on a few different forms, often by way of polls, as in, how many people believe hackers will use AI. There’s been a few of these polls where more than 50 percent of the respondents agree that this is a real threat. For the life of me, I can’t understand why. The other way is through companies that make the claim. This comes in the form of sponsored posts on various InfoSec news sites, or interviews with company executives. There have been claims made about adversaries detected and intrusions executed using AI; while this may come to pass in the future, it’s incredibly unlikely any time soon. There are simply too many ways for adversaries to attack networks and accomplish their objectives using far more simplistic and less risky tactics. An adversary who has mastered the use of AI in their operations would only use it for the hardest of the hard targets, and even then, they’re likely to find an easier way to achieve their objective. 
Yet, it’s important to note that the academic and security-minded research into hackers’ use of AI is real, and important. Adversarial machine learning is one angle. This work is important; it helps understand the cap Wannacry Equifax
no_ico.webp 2018-01-24 15:00:40 Third Party Risks To Enterprise In A Post Equifax World (lien direct) Equifax
The_Hackers_News.webp 2018-01-23 05:37:52 Cybersecurity Certification Courses – CISA, CISM, CISSP (lien direct) The year 2017 saw some of the biggest cybersecurity incidents, from high-profile data breaches in Equifax and Uber impacting millions of users to thousands of businesses and millions of customers being affected by the global ransomware threats like WannaCry and NotPetya. The year ended, but it did not take away the airwaves of cybersecurity incidents, threats, data breaches, and hacks. The NotPetya Wannacry Equifax Uber
SecurityWeek.webp 2018-01-11 18:05:46 Proposed Legislation Would Create Office of Cybersecurity at FTC (lien direct) Punitive Data Breach Legislation Proposed Post-Equifax Equifax
MalwarebytesLabs.webp 2017-12-21 16:00:00 The seven most colossal data breaches of 2017 (lien direct) This year saw a handful of spectacularly bad security fails that resulted in massive sets of compromised data. Here are the most colossal data breaches of 2017. Equifax Uber
ZDNet.webp 2017-12-13 21:48:00 Freeze your credit after the Equifax hack? Get ready to face Healthcare.gov hurdles (lien direct) A surge in Americans enrolling in health insurance plans is expected before the Friday deadline. Equifax
SecurityWeek.webp 2017-12-07 18:32:22 The Cumulative Effect of Major Breaches: The Collective Risk of Yahoo & Equifax (lien direct) Until quite recently, people believed that a dizzying one billion accounts were compromised in the 2013 Yahoo! breach… and then it was revealed that the real number is about three billion accounts.  That raises the question: so what? Isn't all the damage from a four-year-old breach already done? Equifax Yahoo
SecurityWeek.webp 2017-12-01 18:42:44 Senators Propose New Breach Notification Law (lien direct) Senators Propose New Data Protection Bill Following Equifax and Uber Breaches Equifax Uber
MalwarebytesLabs.webp 2017-11-28 17:31:58 Please don't buy this: identity theft protection services (lien direct) Equifax
AlienVault.webp 2017-11-27 14:00:00 2017 NopSec State of Vulnerability Risk Management Report (lien direct) With the turning of the leaves and the first cold fall nights, usually at NopSec it means that the 2017 edition of our annual State of Vulnerability Risk Management Report is due. This year we are particularly excited because we collaborated with the exploration of a potential threat intelligence source and also our partnership with the AlienVault Labs Security Research Team for the research related to malware correlation. The analysis of this year’s vulnerability trends could not come at a better (or worse) time since several relevant data breaches hit the news wires lately. The “400-pound gorilla” in the house is Equifax, with its multi-million customer records data breach and its patchable vulnerability on Apache Struts exploited by attackers to gain access to the compromised data. We will see from our 2017 State of Vulnerability Risk Management Report that these patch management delays are quite common, but avoidable nevertheless. In the 2017 State of Vulnerability Risk Management Report we analyzed over a million of our customers’ anonymized unique security vulnerabilities. (By unique we mean security vulnerabilities that affect a specific customer, a unique host, on a unique TCP/UDP port). For the most part we use CVE and CWE categorization to correlate vulnerabilities, together with the presence of the 30+ unique threat intelligence feeds that NopSec Unified VRM utilizes, which include exploit-db and Metasploit exploits, active malware and targeted attack data, vendor patch data, social media conversations involving the related vulnerabilities and host value and impact information. 
The 2017 report focused on what the industry verticals have in common in terms of vulnerability categorization, which vendors and industries are affected the most by which vulnerabilities, which components affect the most the vulnerability risk determination, whether we could draw the same conclusion reached in terms of the vulnerability risk and social media correlation as far as the Dark Web is concerned, and how to use these data to efficiently manage your vulnerability risk management program. Before going on the discussion of our report’s results, a few disclaimers are due. First of all, this is not a random or representative sample. The data comes from our clients’ vulnerability population, which is necessarily skewed toward the industries most represented, including financial services and health care. Also, the sample is not all encompassing and cannot be considered representative of  the population of vulnerabilities. This is also not an Intrusion Detection System, meaning the system cannot be used to predict security intrusions. With that said, this research can still offer important insights to people that would like to improve their vulnerability risk management program. Industry Verticals   Figure 1   The first analysis we conducted in our customers’ vulnerability data was to understand overall which industry vertical has the most vulnerabilities (Figure 1), which was Healthcare, followed in second by the Financial Industry. A possible explanation for this is that the lower level of security maturity for Healthcare, and the huge number of assets under management for the Financial industry played a factor in explaining these numbers. Vendor Susceptibility Figure 2 Industries and Vendors Equifax
Pirate.webp 2017-11-23 11:33:06 Uber Paid Hackers To Hide 57 Million User Data Breach (lien direct) Uber is not known for its high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts – which is a very shady thing to do. Getting hacked is one thing (usually someone f*cked up), but choosing as a company to systematically cover up a breach to the tune of $100,000 – that's just wrong. 57 Million is a fairly significant number as well with Uber having around 40 Million monthly users, of course, it's not the scale of Equifax with 143 Million (or more). Equifax Uber
no_ico.webp 2017-11-22 20:15:11 Equifax Hits Back At Cybersquatters (lien direct) Equifax
AlienVault.webp 2017-11-22 14:00:00 Jeremiah Grossman: On InfoSec Basics, Incentives, and Warranties (lien direct) For anyone that's worked in information security for any period, Jeremiah Grossman is a familiar name. Having worked in security for two decades he's seen many industry cycles come and go. Not content with simply being a professional hacker, highly acclaimed public speaker, published author, founder of WhiteHat Security, and current Chief of Security Strategy for endpoint security vendor SentinelOne, Jeremiah also holds a black belt in Brazilian Jiu-Jitsu. As InformationWeek put it, “Jeremiah is the embodiment of converged IT and physical security.” Over his career, Jeremiah has been an admired advocate of the IT Security industry, but also critical of many aspects, such as the lack of vendor accountability to customers. So I was pleased to be able to get some time with him to pick his brain to get some insight into what he thought some of the most pressing issues are, and how we could best approach them. We see the number of breaches on the rise and we hear a lot about nation-state actors and advanced threats. How many breaches in your opinion are due the lack of InfoSec know-how or available technology? Very few breaches are the result of a lack of InfoSec know-how or available technology. Whether it was the breaches of Equifax, Home Depot, Target, Maersk, Sony, DNC, or thousands of others –each with the exception of perhaps Stuxnet –was entirely preventable. These breaches were the products of missing patches, simple misconfigurations, no multi-factor authentication, weak endpoint protection, and well-understood software flaws. The InfoSec community has seen every attack to exploit these a thousand times — nothing really impresses us anymore.  It all boils down to a general lack of InfoSec basics. 
Although it may seem from those outside the community that there is a lack of available security technology, that notion couldn’t be farther from the truth. In fact, it’s quite the opposite. We’re drowning in ‘hot new’ security products, yet another announced each day. What may be the biggest challenge in InfoSec is that we are seeing too much technology being thrown at today’s threats -- with the desperate hope that something will eventually stick. While the bad guys are scaling up their attacks and becoming more deliberate, the InfoSec community is failing to match with the same speed and scale we are seeing from attacks. What role does product innovation or awareness and education have to play in breaches? Product innovation, awareness and education are huge when it comes to preventing breaches. In order to stop breaches from happening we have to know what we are up against, the motives behind such acts, and how adversaries are actually breaking into systems. To better understand what innovation, awareness and education is needed most, we must have the data that comes from these breaches. This is something we’ve been thankfully getting better at over the years. And with aggregate investigations into this data, we’re better able to put the right strategies into place in order to counteract them. For example, if a company is seeing an attack targeting them in an area where they are lacking proper defense measures, then they will need product innovation to cover that up.  With the proper technology innovation and products in general, we’ll be able to react better and faster to incoming attacks. As attackers continue to scale, speed of the defense is everything. You've spoken a lot in the past about incentives to do the right thing. Saying how those in the best position have limited incentives to make the right decision at the right time. What kind of incentives do you think need to be put in place? Simply put: Financial incentives. 
While other colleagues may prefer governmental regulations, I’m pe Equifax
SecurityWeek.webp 2017-11-21 19:49:51 House Committees Get Serious in New Letter to Equifax (lien direct) The chairpersons of the House Science, Space, and Technology Committee and the House Oversight and Government Reform Committee on Monday sent a new letter (PDF) to Paulino Barros, the interim CEO of Equifax. Equifax
AlienVault.webp 2017-11-21 14:00:00 Keystroke Logging - How it Affects the Online Privacy of Internet Users (lien direct) Besides being a useful tool to study human-computer interaction, keystroke logging or keylogging is one of the most dangerous cyber threats for online users. Designed to covertly log everything a user types using the keyboard, keyloggers can silently steal and pass on your sensitive information to cybercriminals. Not just the websites you browse or the queries you google on, but your confidential details like online banking usernames and passwords can be recorded by a keylogger without your knowledge. The consequences? You might end up losing a fortune! What do the stats say? It is shocking to see that in July 2017, a data breach at Equifax led to the exposure of 145,500,000 consumer records, making it one of the largest data breaches in history. Further, the target of hacking attacks are not just personal users, but many more. Take a look: Businesses Medical and Healthcare entities Government or military targets Educational institutions From the above it is clearly evident that there is a strong need to understand and practice security measures to avoid online privacy intrusions. How keystroke logging works Keystroke logging can be achieved by both software and hardware. Let us see how these two methods work: Hardware keylogger A hardware keylogger is a device that resembles some part of the computer cabling and is connected in between the computer and keyboard. This resemblance makes it easy for the attacker to hide the device. Some examples include inline devices that are attached to the keyboard cable, keyboards with inbuilt keyloggers, etc. However, one drawback of using a hardware keylogger is that the attacker typically needs to return and uninstall the device in order to access the information that has been captured. 
Software keylogger Software keylogger is a computer program that needs to be downloaded and installed on the target computer. However, this software can also be a part of some malicious software downloaded unknowingly by the computer user or executed as a part of a rootkit that launches itself and works stealthily. The captured information is updated on the server periodically for the controller's access. What types of information do keyloggers capture? The capabilities of keyloggers vary according to their type and target. However, the following are some common actions done: Capture passwords that are entered by users Take screenshots of the device periodically Capture URLs visited via web browsers and screenshots of the web pages that are viewed Capture a list of all the applications that are running on the device Capture copies of sent emails Capture logs of all instant messaging (IM) sessions The data captured by a keylogger is automatically sent in the form of reports to a remote computer or web server, as defined by the attacker. The report is either sent by email, FTP or HTTP. How to avoid keylogger intrusions Use an Antivirus with Anti-Keylogger capabilities Go for an Antivirus Software with anti-keylogger capabilities, as it is a type of software specifically designed for the detection of keystroke logging software. Such software has the ability to delete or at least immobilize hidden keystroke logging software on a computer. Say no to free software Since keyloggers can easily attach themselves to freeware available over th Equifax
Blog.webp 2017-11-19 20:44:20 North Korea's widening Net, pricing the Equifax Hack & Dark Markets in Turmoil (lien direct) In this week’s podcast, after a string of reports about North Korea’s growing forays onto sensitive corporate networks, we speak with Adam Meyers of CrowdStrike about the widening net of North Korean offensive hacking and how the Hermit Kingdom is playing the part both of cyber criminal and nation-state actor. Also: we unpack the... Cloud Equifax APT 37
Chercheur.webp 2017-11-13 16:55:19 How to Opt Out of Equifax Revealing Your Salary History (lien direct) A KrebsOnSecurity series on how easy big-three credit bureau Equifax makes it to get detailed salary history data on tens of millions of Americans apparently inspired a deeper dive on the subject by Fast Company, which examined how this Equifax division has been one of the company's best investments. In this post, I'll show you how to opt out of yet another Equifax service that makes money at the expense of your privacy. Equifax
SecurityAffairs.webp 2017-11-11 18:06:42 Equifax earnings release: Security breach related expenses cost $87.5 Million in Q3 (lien direct) Equifax announced during the third quarter of 2017, it incurred $87.5 million in expenses related to the cyber attack that was reported in September. It is very difficult to estimate the overall losses caused by a cyber attack because victims incur direct and indirect costs that aren’t easy to calculate. This week the credit reporting […] Equifax
bleepingcomputer.webp 2017-11-11 03:00:00 Hack Cost Equifax Only $87.5 Million — for Now (lien direct) During an earnings call detailing the Q3 2017 financial results, Equifax execs said the company incurred $87.5 million in expenses related to the massive data breach it suffered earlier in the year and which it publicly disclosed in September 2017. [...] Equifax
itsecurityguru.webp 2017-11-10 11:28:29 $87 million – that's how much the data breach cost Equifax (lien direct) Equifax has disclosed the cost of the data breach that the company suffered this year which amounted to $87m and saw a 30% plunge in stock price. Original source: Security Ledger Equifax
Blog.webp 2017-11-10 00:18:32 Equifax says breach cost it $87m (lien direct) Data broker Equifax said that the data breach that spilled information on some 140 million individuals has cost the company $87 million so far, with more costs likely in the future. The disclosure, made as part of the company’s quarterly filing with the US Securities and Exchange Commission, is the first public disclosure of the direct costs... Equifax
ZDNet.webp 2017-11-08 20:16:00 Equifax, Yahoo fail to answer the most basic questions during Senate hearing (lien direct) Senators were left frustrated as Yahoo didn't know how it was hacked, and Equifax still didn't know who. Equifax Yahoo
SecurityWeek.webp 2017-11-03 16:19:24 Equifax Says Execs Unaware of Hack When They Sold Stock (lien direct) Equifax said Friday an internal review found that four executives who sold shares ahead of disclosure of a massive data breach at the credit agency were unaware of the incident ahead of the sale. Equifax
SecurityWeek.webp 2017-11-03 14:28:56 New York State Proposes Stricter Data Protection Laws Post Equifax (lien direct) New York State Attorney General Eric T. Schneiderman introduced new legislation Thursday, designed to protect New Yorkers from corporate data breaches like the recent Equifax breach that affected more than 145 million Americans, including 8 million New York residents. Its purpose is to increase the security of private information in a business-friendly manner. Equifax
Chercheur.webp 2017-11-02 14:04:20 Equifax Reopens Salary Lookup Service (lien direct) Equifax has re-opened a Web site that lets anyone look up the salary history of a large portion of the American workforce using little more than a person's Social Security number and their date of birth. The big-three credit bureau took the site down just hours after I wrote about it on Oct. 8, and began restoring the site eight days later saying it had added unspecified "security enhancements." Equifax
itsecurityguru.webp 2017-11-02 10:55:16 Marissa Mayer to Testify at Data Breach Senate Hearing (lien direct) Ex-Yahoo! CEO Marissa Mayer will testify, alongside the current and past Equifax CEOs, in front of Senators on Nov. 8th, on two massive data breaches. Original source: Fortune Equifax Yahoo
The_State_of_Security.webp 2017-11-01 03:00:59 Could Containers Save The Day? 10 Things to Consider when Securing Docker (lien direct) By now, we're all aware of the Equifax breach that affected 143 million customer records. Equifax reports that Apache Struts vulnerability CVE-2017-5638 was used by the attackers. Equifax was not running its vulnerable struts application in a container, but what if it had been? Containers are more secure, so this whole situation could have been […] Equifax
NoticeBored.webp 2017-10-27 15:57:11 NBlog October 27 - Equifax cultural issues (lien direct) Motherboard reveals a catalog of issues and failings within Equifax that seem likely to have contributed to, or patently failed to prevent, May's breach of sensitive personal information on over 145 million Americans, almost half the population. Although we'll be using the Equifax breach to illustrate November's awareness materials on privacy, we could equally have used them in this month's module on security culture since, according to BoingBoing: "Motherboard's Lorenzo Franceschi-Bicchierai spoke to several Equifax sources who described a culture of IT negligence and neglect, in which security audits and warnings were routinely disregarded, and where IT staff were unable to believe that their employers were so cavalier with the sensitive data the company had amassed." 'A culture of IT negligence and neglect' is almost the opposite of a security culture, more of a toxic culture you could say. Workers who simply don't give a stuff about information security or privacy are hardly likely to lift a finger if someone reports issues to them, especially if (as seems likely) senior managers are complicit, perhaps even the source of the toxin. Their lack of support, leadership, prioritization and resourcing for the activities necessary to identify and address information risks makes it hard for professionals, staff members and even management Guideline Equifax
AlienVault.webp 2017-10-27 13:00:00 Things I Hearted This Week – 27th October 2017 (lien direct) The role of marketing in cybersecurity This is from an interview with Theresa Payton, former CIO of the White House, who offers interesting comments and observations around the role of marketing and why CMOs need to work closer with CISOs: My pushback has been for some time that this is a wake-up call for the security side. The reason these colossal security systems don’t work is because we don’t design for humans. We design the perfect systems and then we claim that the users are making the mistakes. The Equifax Breach: Former White House CIO Believes Marketers Need To Be Engaged In Cybersecurity | Forbes Public speaking for academic economists The title of this is probably the furthest thing you might expect from information security, but it made my list this week because it is actually very relevant. Just like academics, information security professionals often have to convey complex concepts to non-security professionals. This deck lays out a lot of very useful points that are worth bearing in mind. Public speaking for academic economists | Dropbox link Equifax woes continue The UK financial regulator is stepping into the mess following the huge breach at Equifax. The regulator has said it is investigating the circumstances – and has the potential to fine or even revoke the company's right to operate in the UK. UK financial regulator confirms it is probing Equifax mega-breach | The Register Equifax under FCA investigation over data breach | The Telegraph FCA launches probe into Equifax | Financial Times Ghost of scammers In a story that proves that nothing is sacred to scammers, a Louisiana-based funeral home had its email account taken over and scam emails sent out to customers and suppliers asking for money. If a funeral home isn’t safe from hackers, who is? 
Hackers Take Over Funeral Home's Email Account and Run Online Scams | Bleeping Computer Google testing Android feature to hide DNS requests Google has added support in Android for an experimental feature that will encrypt DNS requests and prevent network-level attackers from snooping on user traffic. This new feature is named "DNS over TLS," an experimental protocol currently receiving comments at the Internet Engineering Task Force (IETF), an Internet standards body. Android getting “DNS over TLS” support to stop ISPs from knowing what websites you visit | XDA Developers Google testing Android feature to hide DNS requests | Bleeping Computer Guideline Equifax
DarkReading.webp 2017-10-25 10:30:00 Why Patching Software Is Hard: Organizational Challenges (lien direct) The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced. Equifax
SecurityWeek.webp 2017-10-24 13:55:15 UK Probes Equifax Hacking (lien direct) Britain's financial watchdog on Tuesday said it was investigating a massive hack of the US consumer credit rating service Equifax that affected potentially almost 700,000 British customers. Equifax
BBC.webp 2017-10-24 12:25:06 Equifax to be investigated by FCA over data breach (lien direct) The regulator is making enquiries after data belonging to many thousands of UK customers was lost. Equifax
ComputerWeekly.webp 2017-10-24 10:30:58 UK's FCA to probe Equifax breach of Britons' data (lien direct) The UK's financial regulatory body has announced it is to probe the Equifax data breach believed to have affected hundreds of thousands of Britons Equifax
no_ico.webp 2017-10-21 17:00:21 US Banks Push To Improve Security Post-Equifax (lien direct) Equifax
SecurityWeek.webp 2017-10-20 15:46:03 EquiFIX - Lessons Learned From the Most Impactful Breach in U.S. History (lien direct) While Equifax is the latest major data breach to hit the headlines, we know it will not be the last. How prepared is your organization if you were similarly targeted? Equifax
SecurityWeek.webp 2017-10-18 16:23:22 Equifax Hack: Keep Your Friends Close, but Your Supply Chain Closer (lien direct) After more than 145 million customer records were compromised in the Equifax data breach, the company's stock plummeted by more than 30 percent. That amounted to market capitalization losses north of $5 billion. Equifax
zataz.webp 2017-10-18 16:11:52 PornHub and Equifax, same fight! (lien direct) After the leak of several tens of millions of customer records, Equifax had to deal with the infiltration of its website by a malicious advertisement. The revelations about Equifax's IT security keep making waves. After a passw... Equifax
AlienVault.webp 2017-10-18 13:00:00 Streamline Incident Response with USM Anywhere and Jira (lien direct) The recent data breach at Equifax is the latest cautionary tale for what can happen when the response to a threat lags behind the initial detection. The vulnerability that ultimately led to the breach was correctly identified, but the delay in patching the affected systems created a window of opportunity for attackers to exploit it. On this front, Equifax is not alone. According to the SANS 2017 Incident Response Survey, nearly half of the survey base reported that, on average, it takes more than 24 hours to contain a threat, and 82% reported a remediation time of one month or longer. There are many factors that can slow down an incident response process. Commonly, IT and security reside in different parts of the organization and may use different systems to track and prioritize work. Having to work across multiple ticketing workflow systems that are complex to integrate, redundant, or siloed by product can slow down or introduce errors into an incident response process. To help reduce time, complexity, and errors in kicking off incident response activities, we’ve brought AlienVault USM Anywhere closer together with Jira, a leading issue and project tracking software. Today, we’re announcing our newest AlienApp for Jira, instantly available to all USM Anywhere customers. The AlienApp for Jira helps close the gap between threat detection and incident response activities. With the AlienApp for Jira, you can open and track Jira issues directly from USM Anywhere, making it easy, fast, and efficient to monitor the lifecycle of your incident response activities, even across multiple security and IT teams. From any alarm, event, or vulnerability detected in USM Anywhere, you can create a new Jira issue that captures the relevant threat data needed for effective response, saving you time and effort. 
You can also automate the creation of new Jira issues in response to threats detected in USM Anywhere to further reduce the time between detection and resolution. By combining USM Anywhere with Jira, one of the most widely-used tools for both IT service organizations and software development teams, you can streamline your incident response activities and effectively reduce the time to resolution for security incidents. The Problem Returning to the Equifax example, let’s look at a simplified scenario of how a vulnerability moves from identification to remediation in many organizations. A regular network scan (usually off hours) identifies a critical vulnerability. The next day (and sometimes later), a security analyst reviews the scan results and identifies which machines need patching. The security analyst logs into a separate IT ticketing system and manually enters all of the relevant information about the vulnerability. The ticket is added to a long queue of requests for the IT team. The security analyst continually checks the ticketing system (and/or badgers his or her IT colleagues) to see the status of the request. Now, let’s look at the same scenario with USM Anywhere and Jira working in concert thanks to the AlienApp for Jira. A regular network scan (usually off hours) identifies a critical vulnerability. A USM Anywhere orchestration rule immediately responds to the new vulnerability by automatically creating an issue in Jira, including the relevant information about the vulnerability and the affected asset. The Jira issue is immediately triaged by the IT team and assigned. The security analyst arrives at work in the morning, checks USM Anywhere, and sees that the vulnerability has been identifie Guideline Equifax
SecurityWeek.webp 2017-10-18 08:12:17 Many Equifax Hack Victims Had Info Stolen Prior to Breach: IRS (lien direct) The U.S. Internal Revenue Service (IRS) believes the recent Equifax breach will not make a significant difference in terms of tax fraud considering that many victims already had their personal information stolen prior to the incident. Equifax
MalwarebytesLabs.webp 2017-10-16 19:00:56 A week in security (October 9 – October 15) (lien direct) A compilation of notable security news and blog posts from Monday, October 9 to Sunday, October 15. We presented our quarterly report, won security awards, and lots more. Equifax
itsecurityguru.webp 2017-10-16 11:06:36 US Banks to introduce New anti-fraud Measures (lien direct) US banks are stepping up and increasing anti-fraud measures after the Equifax breach. Original source: FT Equifax
The_State_of_Security.webp 2017-10-16 03:01:29 Secure Defaults and The Design of the Credit System (lien direct) When designing systems today, everyone is aware that security is an essential feature, even in systems that you don't think are critical. The recent Equifax breach brought home to me one of the most important factors of designing secure systems (software or not): delivering systems with secure defaults. In today's threat-rich environment, the secure configuration […] Equifax
Last update at: 2024-05-12 20:08:35