What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Kaspersky.webp 2017-09-26 18:28:26 Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug (direct link) Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week. Equifax
BBC.webp 2017-09-26 17:29:56 Equifax boss leaves after data breach (direct link) The credit report giant's chairman and chief executive, Richard Smith, steps down with immediate effect. Equifax
SecurityWeek.webp 2017-09-26 13:39:22 Equifax CEO Steps Down After Massive Data Breach (direct link) Equifax CEO Richard Smith Steps Down After Massive Data Breach, Will Not Get Annual Bonus Equifax
ZDNet.webp 2017-09-26 13:02:00 Equifax chief executive steps down after massive data breach (direct link) The former chief executive made over $4 million in salary last year. Equifax
ComputerWeekly.webp 2017-09-26 11:45:25 Equifax breach claims another scalp (direct link) The CEO of Equifax has stepped down – the third executive to leave the company after it disclosed a massive data breach Equifax
DarkReading.webp 2017-09-26 10:15:00 Equifax CEO Retires in Wake of Breach (direct link) After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door. Equifax
News.webp 2017-09-26 02:35:47 Under Cover of Graham-Cassidy, Senate GOP Moving to Gut Major CFPB Rule (direct link) The kind of forced arbitration Equifax pushed in the wake of its hack would be banned by the CFPB. Republican senators want to keep it legal. Equifax
Blog.webp 2017-09-25 18:23:03 Equifax hack sheds light on ripe attack vector: open-source protocols used in business networks (direct link) A major takeaway from the Equifax debacle that hasn't gotten enough attention is this: The massive data theft happened because of a vulnerability in an open-source component, which the credit bureau failed to lock down. Remember Heartbleed and Shellshock, the two massive security flaws discovered in open-source internet protocols back in 2014? The waves of network […] Equifax
MalwarebytesLabs.webp 2017-09-25 16:24:17 A week in security (September 18 – September 24) (direct link) A compilation of notable security news and blog posts from the 18th of September to the 24th of September. Read all about the CCleaner supply chain attack and a lot of other security news. Categories: Security world, Week in security. CCleaner Equifax
SecurityAffairs.webp 2017-09-24 13:46:54 Security Affairs newsletter Round 129 – News of the week (direct link) A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Once again thank you! · 400,000 UK consumers at risk after the Equifax data breach · Chrome will label Resources delivered via FTP as Not Secure · MAGENTO 2.0.16 and 2.1.9 security update fixes critical flaw in […] Equifax
Chercheur.webp 2017-09-24 12:53:16 Equifax or Equiphish? (direct link) More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet another security stumble, the company appears to be training recipients to fall for phishing scams. Equifax
Blog.webp 2017-09-23 09:13:05 The Equifax Breach – Another case for professionalizing Information Security (direct link) One of my part-time hobbies is pushing to professionalize the Information Security profession. Admittedly, it is a lonely pastime and not nearly as exhilarating as it sounds. I wrote a multi-part article about the topic called “What does Information Security have in common with Eastern Air Lines Flight 401?” Allow me to quote myself: Providing […] Equifax
TroyHunt.webp 2017-09-23 04:45:27 Weekly update 53 (Salt Lake City edition) (direct link) What a week! Epic hardly describes the experience I've just had at Pluralsight Live in Utah, not least of which was this stage. No new writing this week but I did want to comment on the Equifax CSO degree story (and my poorly worded tweet about it) as well as... Equifax
Blog.webp 2017-09-22 15:53:26 Our Analog Future: Election Hacking puts Paper Ballots back in Vogue (direct link) Virginia is reverting from electronic to paper ballots while Rhode Island’s legislature this week passed a law to mandate audits comparing paper and electronic voting records. One of the natural responses to an increasingly digital world is to fall back to non-digital and electronic alternatives to digital technologies that we’ve... Equifax
Kaspersky.webp 2017-09-22 13:00:01 Threatpost News Wrap, September 24, 207 (direct link) The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed. Equifax
Kaspersky.webp 2017-09-22 13:00:01 (Déjà vu) Threatpost News Wrap, September 22, 2017 (direct link) The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed. Equifax
ComputerWeekly.webp 2017-09-22 10:30:34 Equifax faces small business class action over data breach (direct link) Small businesses in the US have filed a class-action lawsuit against credit rating firm Equifax, representing millions of others affected by a breach of personal data Equifax ★★★★★
Blog.webp 2017-09-21 22:21:31 Court Balks at FTC's D-Link Complaint, Wants Proof of Harm (direct link) A federal judge in California put the brakes on the U.S. Federal Trade Commission’s complaint against D-Link Systems over lax security in its consumer routers and IP cameras, saying that the Commission needs to produce evidence of concrete harm to consumers. A federal judge in California has put the brakes on the U.S. Federal Trade... Equifax
Trend.webp 2017-09-21 16:01:41 a-PATCH-e: Struts Vulnerabilities Run Rampant (direct link) Equifax confirmed the attack vector used in its data breach to be CVE-2017-5638, a vulnerability patched last March 2017 via S2-045. The vulnerability was exploited to gain unauthorized access to highly sensitive data of approximately 143 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian consumers. This vulnerability was first disclosed in March, almost immediately followed by publicly available POCs, weaponized exploits, and scanners produced by third parties. Trend Micro observed thousands of filter events via our intrusion prevention solutions against the filters for this vulnerability since March, and these exploits or enumeration attempts are still being seen. It's worth noting that these Trend Micro customers can leverage these filters to provide a highly effective virtual patch to address critical Apache Struts vulnerabilities until actual software updates are deployed to secure the system. Equifax
SecurityWeek.webp 2017-09-21 09:53:42 Equifax Sent Breach Victims to Fake Website (direct link) Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax
Chercheur.webp 2017-09-21 03:35:26 Equifax Breach: Setting the Record Straight (direct link) Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017. Equifax
Blog.webp 2017-09-20 17:52:49 INFOGRAPHIC: Studies show 'security fatigue' may trigger apathy in wake of Equifax hack (direct link) By Byron V. Acohido There is no mistaking that, by now, most consumers have at least a passing awareness of cyber threats. Two other things also are true: All too many people fail to take simple steps to stay safer online; and individuals who become a victim of identity theft, in whatever form, tend to […] Equifax
Blog.webp 2017-09-20 16:03:58 Report: 1.9b Records Lost in First Half of 2017, topping 2016 (direct link) A survey of public data breaches has found a large increase in the number of records that have been stolen, lost or compromised in the first six months of 2017. The firm Gemalto said that the number of records caught up in breaches jumped 164% from the second half of 2016 and the first half 2017 to almost 2 billion lost records. That is more than... Equifax
AlienVault.webp 2017-09-20 13:00:00 Blockchain Technology as a Replacement for Our Stolen Identities (direct link) Just when we thought, “it couldn’t get worse”. Just when we boldly exclaimed, “I never applied for a government job, so I don’t have to worry about what happened at the Office of Personnel Management”. Just when we confidently boasted, “Well, I was never an Ashley Madison subscriber”. Equifax happened. None of us can behave with any certainty that our personal information is protected. As we have all seen, Equifax is incapable of reliably alerting anyone whether their data was taken or not. That data is all available to anyone willing to pay the market price. Perhaps a full-fledged identity theft ring will use the information for their own enrichment, or perhaps a less nefarious entity will use the information just to pry into your private information. Either way, the discomfort is real. After this new mess, we have to reconsider our identities. Assume that all of the information that was previously used to identify you is no longer valid. Your Social Security number, driver’s license information, and even some of your credit card data is now out in the wild. What method will be used from this point forward? About a month ago, there was a bit of shock when it was reported that a company had developed an implantable chip that could be used for simple tasks such as opening a door, or authenticating you to a computer system. This implantable biochip and its associated perils is reminiscent of those in so many science fiction movies. Many of us recoiled at the idea that we would become trackable by organizations that we did not trust. Is it too late to reconsider this idea? Many would say that the bio-chip data must be stored somewhere, so it is just as vulnerable as the data that was already taken, so how is it any different than that held by the credit bureaus?
This difference is that the biochip companies have a clean security slate from which to build their practice and they have plenty of breach history to draw upon in order to avoid doing it incorrectly. However, is that any guarantee that they will get it right? Of course not. I, like most, am not ready for my biochip. Perhaps the next system of identification could be based on blockchain technology, whereby we are all issued a hash number. Think of the possibilities of that. We can all have a unique identifier based on a characteristic that is unique to each of us. Perhaps a hash value of the digitized value of all of your fingerprints, or the hash of your iris scan at a particular point in time. The interesting part would be that all biological children of two individuals would be given an identity generated from the parents’ hash IDs until such time that they may be issued an individual hash. The worst part of all the recent data loss is that no matter what method is devised to replace our identities, it must still be linked back to those old, stolen credentials, or much of the economic structures of society will unravel. We are certainly at the doorway of a new age of identity and identity protection.     Equifax
DarkReading.webp 2017-09-20 10:00:00 1.9 Billion Data Records Exposed in First Half of 2017 (direct link) Every second, 122 records are exposed in breaches around the globe, a new report shows. And that doesn't even include the new Equifax breach data. Equifax
Blog.webp 2017-09-20 02:19:33 FedEx: NotPetya Cost $300m, Wrecked Q1 Earnings (direct link) FedEx, the worldwide package delivery giant, said in a regulatory filing on Tuesday that the NotPetya ransomware outbreak in late June has cost it an estimated $300 million dollars and forced the company to miss its fiscal first quarter earnings. The company said in its quarterly “8K” report to the U.S. Securities and Exchange... FedEx NotPetya Equifax
SecurityWeek.webp 2017-09-19 18:32:53 Equifax Breach Affects 100,000 Canadians (direct link) Equifax revealed on Tuesday that the recent data breach affects roughly 100,000 Canadian consumers, but the company's systems in Canada were not compromised. Equifax
Kaspersky.webp 2017-09-19 17:47:58 Equifax Suffered Earlier Breach in March (direct link) Equifax suffered another breach of its systems, back in March, the company revealed Monday. Equifax
grahamcluley.webp 2017-09-19 11:33:58 Misleading headlines about Equifax's *earlier* hack (direct link) Misleading headlines about Equifax's *earlier* hack Guideline Equifax
SecurityWeek.webp 2017-09-19 10:23:58 New York Pushes to Regulate Credit Agencies After Equifax Breach (direct link) New York Governor Andrew Cuomo announced on Monday plans to make credit reporting firms comply with the 23 NYCRR 500 cybersecurity regulations enacted earlier this year. Equifax
grahamcluley.webp 2017-09-19 09:13:03 Heads roll, as it's revealed Equifax's IT team knew it hadn't patched web app vulnerability (direct link) Heads roll, as it's revealed Equifax's IT team knew it hadn't patched web app vulnerability Equifax
SecureMac.webp 2017-09-19 03:05:10 The Equifax Hack (direct link) The personal information of 143-million people may have been compromised when the consumer credit reporting agency Equifax was hacked. What do we know about the attack? And what can we do going forward? Equifax
no_ico.webp 2017-09-19 01:04:32 Reaction To Equifax Story (direct link) The ISBuzz Post: This Post Reaction To Equifax Story Equifax
MalwarebytesLabs.webp 2017-09-18 22:10:42 A week in security (September 11 – September 17) (direct link) A compilation of security news and blog posts from the 11th - 17th September. We look at 0days, more Equifax developments, our usual smattering of blog posts, and more! Categories: Security world, Week in security. Equifax
Blog.webp 2017-09-18 22:07:05 After Equifax: What Makes a Good CSO? Also: App Sec is a Mess. We Talk about Why. (direct link) What makes a good CSO? In the wake of the Equifax breach, we talk about the controversy over that company’s CSO’s music degree. Also: we talk with Signal Sciences about why companies keep getting hacked via application vulnerabilities like the Apache Struts hole that felled Equifax. What makes a good CSO? In the wake of the Equifax... Equifax
SecurityWeek.webp 2017-09-18 19:49:37 Equifax Cybersecurity Failings Revealed Following Breach (direct link) Shortcomings revealed by researchers and cybersecurity firms following the massive data breach suffered by Equifax show that a successful hacker attack on the credit reporting agency's systems was inevitable. Equifax
DarkReading.webp 2017-09-18 18:20:00 Equifax Exec Departures Raise Questions About Responsibility for Breach (direct link) Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say. Equifax
itsecurityguru.webp 2017-09-18 10:20:17 400,000 UK Customers Affected in Huge Equifax Breach (direct link) Equifax have finally revealed that 400,000 UK Customers have been affected in the recent breach. Original Source: IT Pro Portal Equifax
SecurityWeek.webp 2017-09-18 09:40:38 Equifax Shares More Details About Breach (direct link) Equifax has shared more details about the recent breach that affects roughly 143 million U.S. consumers, including how it discovered the unauthorized access and the number of individuals impacted by the incident in the United Kingdom. Equifax
itsecurityguru.webp 2017-09-18 09:32:10 Equifax Leaders Retire (direct link) Equifax’s CIO and CISO are retiring, after the company acknowledged they knew about, and failed to act upon, the vulnerability which led to the huge data breach. Original Source: The Register Equifax ★★
ComputerWeekly.webp 2017-09-18 05:30:55 Heads roll as Equifax reveals 400,000 Britons affected by breach (direct link) Equifax replaces two senior staff members as it reveals how many Britons were hit by a massive data breach that affected millions of consumers Equifax
SecurityAffairs.webp 2017-09-17 07:54:57 400,000 UK consumers at risk after the Equifax data breach (direct link) About 400,000 Britons may have had their information stolen following the Equifax data breach, the news was reported by the UK division of the company. More details are emerging from the recent Equifax data breach that impacted approximately 143 million U.S. consumers. The attackers exploited the CVE-2017-5638 Apache Struts vulnerability that was fixed back in March, but the company […] Equifax
ESET.webp 2017-09-16 22:37:33 Equifax confirms up to 400,000 UK consumers at risk after data breach (direct link) Credit reporting agency Equifax has revealed more details of just how many people are affected in the UK, as consumers are warned of the risk of phishing attacks. Equifax
Blog.webp 2017-09-16 22:10:21 Opinion: when they say your major is a problem, what they mean is your gender is a problem (direct link) In-brief: Talking about Susan Mauldin’s music degree is a socially acceptable way for men to vent about a woman who they don’t feel belongs in their workplace – especially not in a senior role. Have you heard the latest scandal about Equifax? Not content to lose sensitive and personally identifying information on 143 million... Equifax
Blog.webp 2017-09-16 18:55:40 Equifax Executives Depart Amid Growing Backlash (direct link) In-brief: Equifax said on Friday that its Chief Information Officer and Chief Security Officer had “retired” in the wake of a massive data breach that leaked sensitive on some 143 million people. Equifax said on Friday that two of its senior executives had “retired” in the wake of a massive data breach that leaked... Equifax
ErrataRob.webp 2017-09-16 18:39:05 People can't read (Equifax edition) (direct link) One of these days I'm going to write a guide for journalists reporting on the cyber. One of the items I'd stress is that they often fail to read the text of what is being said, but instead read some sort of subtext that wasn't explicitly said. This is valid sometimes -- as the subtext is what the writer intended all along, even if they didn't explicitly write it. Other times, though, the imagined subtext is not what the writer intended at all. A good example is the recent Equifax breach. The original statement says: "Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers." The word consumers was widely translated to customers, as in this Bloomberg story: "Equifax Inc. said its systems were struck by a cyberattack that may have affected about 143 million U.S. customers of the credit reporting agency" But these aren't the same thing. Equifax is a credit rating agency, keeping data on people who are not its own customers. It's an important difference. Another good example is yesterday's quote "confirming" that the "Apache Struts" vulnerability was to blame: "Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638." But it doesn't confirm Struts was responsible. Blaming Struts is certainly the subtext of this paragraph, but it's not the text. It mentions that criminals had exploited the Struts vulnerability, but doesn't actually connect the dots to the breach we are all talking about. There are probably reasons for this. While it's easy for forensics to find evidence of Struts exploitation in logfiles, it's much harder to connect this to the breach.
While they suspect Struts, they may not actually be able to confirm it. Or, maybe they are trying to cover things up, where they feel failing to patch is a lesser crime than what they really did. It's at this point journalists should earn their pay. Instead of rewriting what they read on the Internet, they could do legwork and call up Equifax PR and ask. The purpose of this post isn't to discuss Equifax, but the tendency of people to "read between the lines", to read some subtext that wasn't actually expressed in the text. Sometimes the subtext is legitimately there, such as how Equifax clearly intends people to blame Struts though they don't say it outright. Sometimes the subtext isn't there, such as how Equifax doesn't mean its own customers, only "U.S. consumers". Journalists need to be careful about making assumptions about the subtext.
Update: The Equifax CSO has a degree in music. Some people have criticized this. Most people have defended this, pointing out that almost nobody has an "infosec" degree in our industry, and many of the top people have no degree at all. Among others, @thegrugq has pointed out that infosec degrees are only a few years old -- they weren't around 20 years ago when today's corporate officers were getting their degrees. Again, we have the text/subtext problem, where people interpret infosec degrees as being the same as computer-science degrees, the latter of which have existed for decades. Some, as in this case, consider them to be wildly different. Others consider them to be nearly the same.
Guideline Equifax
bleepingcomputer.webp 2017-09-16 08:53:03 Equifax Releases New Information About Security Breach as Top Execs Step Down (direct link) In a press release published late Friday night, credit rating and reporting firm Equifax revealed new details about the security breach that exposed the personal details of over 143 million users, and also announced the immediate retirement of two high-ranking executives. [...] Equifax
SecurityAffairs.webp 2017-09-16 08:31:31 Equifax- or the new gold standard for “how not to do Incident Response”! (direct link) The cybersecurity expert Stuart Peck, Director of Cyber Security Strategy, ZeroDayLab, shared its view on the Equifax data breach. For those of you living under a rock this week, Equifax suffered a major breach in their security, which led to over 143 million records being stolen by attackers. The information held by Equifax is highly […] Equifax
SecurityAffairs.webp 2017-09-16 07:35:26 Hackers are offering Equifax data for sale, but they are scammers (direct link) It has happened, the information stolen in the recent Equifax data breach is offered for sale on the dark web by crooks, but watch out, they are scammers. Equifax discovered the intrusion on July 29, but only 3 months the agency notified customers the incident (on September 7) that occurred between mid-May and late July. The breach affects […] Equifax
SecurityWeek.webp 2017-09-15 22:09:25 Equifax Security Chief, CIO to 'Retire' Immediately (direct link) Following the massive data breach that was disclosed on September 7, Equifax announced on Friday that Chief Security Officer Susan Mauldin and Chief Information Officer David Webb are retiring from the company effective immediately. Equifax
Last update at: 2024-05-13 11:07:51