What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-09-15 19:51:48 | Quand une société d\'assurance a comme mot de passe son login (lien direct) | Mot de passe or not mot de passe ! La société Equifax voit un second problème de sécurité piratage toucher ses services d’assurance. Sa filiale en Argentine utilisait comme mot de passe… son login d’identification. Le piratage informatique tient souvent à pas grand chose, à un mot ... Cet article Quand une société d’assurance a comme mot de passe son login est apparu en premier sur ZATAZ. | Equifax | ||
 |
2017-09-15 16:15:15 | NEWS THIS WEEK: Kaspersky ban underway for U.S. agencies; Equifax data breach lawsuits pile up; Europe plans new agency to quell cyber threats (lien direct) | By Byron V. Acohido The U.S. government moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyber espionage activities. Acting Homeland Security Secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, […] | Equifax | ||
 |
2017-09-15 13:14:10 | Scammers Offer to Sell Data Stolen in Equifax Hack (lien direct) | While the large amount of information stolen in the recent Equifax hack might be up for sale somewhere on the dark web, scammers have also set up websites offering the data from the U.S. credit reporting agency. | Equifax | ||
 |
2017-09-15 13:00:00 | Things I Hearted this Week (lien direct) |
A new beginning, a refresh, or has nostalgia finally caught up? We’re changing the name of this weekly update back to “Things I Hearted this Week”. Here are some of the popular and not-so-popular security and technology stories that caught our fancy for your reading pleasure.
“It’s the only and most fascinating read you need to keep up to date with your security needs.” – Someone I hired to say this from fiverr.com
Equifax
The big one on the tip of everyone’s tongue this week has been Equifax.
There’s little value in repeating every interesting article that was published on this topic during the week. From Adrian Sanabria’s Savage Security blog telling us Equifax breached, no eyebrows raised. To Brian Krebs providing his characteristic in-depth review The Equifax Breach: What you should know. All the way to articles exposing the poor manner in which the company has decided to respond, we tested Equifax's data breach checker — and it's basically useless.
There have been many large breaches, what makes Equifax largely different is that the details stolen weren’t things like usernames or passwords that could be easily changed. Rather it was users names, date of birth, and social security numbers – which are almost impossible to change.
Then there’s the case that a lot of the impacted individuals weren’t even customers of Equifax. They merely had their data held by the credit bureau. So it’s unlike, say, the Yahoo breach, where users can simply shut down their account and take their business elsewhere.
All eyes will be on the regulators to see if they can get to the bottom of the mess, and levy appropriate penalties. Maybe it’s time for the US to crystallise data protection, much like GDPR is seeking to achieve across Europe.
Chatbot to sue Equifax
It turns out that if you want to sue Equifax, you can do so without involving a lawyer. The creator, Joshua Browder, originally developed the chatbot to help people appeal against parking enforcement tickets. But now it’s looking to take on the big one and sue Equifax for its colossal breach.
Chatbot lets you sue Equifax for up to $25,000 without a lawyer | The Verge
Legal technology: the rise of the chatbots | Law Gazette
Artificial intelligence developed its own non-human language | The Atlantic
Phishers targeting LinkedIn users via hijacked accounts
As users, we’re often aware of the dangers that could arise from a poorly secured bank account, but we don’t often give as much thought to other accounts we own such as email or social media. While an individual may not find LinkedIn particularly interesting themselves beyond maintaining a professional presence, attackers look at such accounts differently and will leverage to their advantage wherever possible. Therefore it is important users take the right steps to protect all of their accounts and social media profiles as best as possible by using stro |
Equifax Yahoo | ||
|
2017-09-15 10:41:42 | U.S. Politicians Demand Probe of Equifax After Hack (lien direct) | A senior US senator called Wednesday for a federal investigation of credit rating agency Equifax after the company lost the personal data of 143 million customers to hackers. | Equifax | ||
 |
2017-09-15 08:15:01 | How many people outside the U.S. are affected by the Equifax breach? (lien direct) | In the recent Equifax breach you may have noticed that people in the UK and Canada are also affected but there has been little clarification as to how many. | Equifax | ||
 |
2017-09-15 03:00:39 | 4 Credit Bureau Data Breaches that Predate the 2017 Equifax Hack (lien direct) | Equifax made headlines on September 7, 2017, when it announced its discovery of a data breach earlier in the year. In the security incident, computer criminals leveraged a “U.S. website application vulnerability” to view some of the consumer credit reporting agency’s files, access which helped them compromise 143 million U.S. consumers’ Social Security Numbers, dates […]… Read More | Equifax | ||
|
2017-09-14 22:51:57 | Beset by Lawsuits, Scams, Investigations, Equifax names Source of Breach (lien direct) | In-brief:Â Beset by a plunging share price, class action lawsuits in dozens of states, pending Congressional hearings and a FTC investigation, Equifax on Wednesday finally settled speculation and named a six month old hole in a common software platform, Apache Struts, as the cause of a massive hack. Beset by a plunging share price, class action...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/459006806/0/thesecurityledger -->»Related StoriesBluetooth Flaw affects Billions of Devices and has a Name: BlueBorneMcKinsey: CEOs need IoT Security PlanA Year Later: FDA approves Software Fix for Security Flaws in Pacemakers | Equifax | ||
 |
2017-09-14 20:00:34 | Equifax Confirms March Struts Vulnerability Behind Breach (lien direct) | Equifax divulged on Wednesday that the culprit behind this summer's breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March. | Equifax | ||
 |
2017-09-14 18:14:00 | Equifax Data Breach – Hack Due To Missed Apache Patch (lien direct) |  The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
The original statement about the breach is as follows for those that weren't up to date with it, which came out Sept 7th (4 months AFTER the breach happened).
Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S.
Read the rest of Equifax Data Breach – Hack Due To Missed Apache Patch now! Only available at Darknet.
|
Equifax | ||
 |
2017-09-14 18:08:58 | News in brief: FTC to probe Equifax; Bitcoin price falls on China move; HBO teases GoT finale news (lien direct) | Your daily round-up of some of the other stories in the news  |
Equifax | ||
 |
2017-09-14 18:03:12 | Equifax Hackers Stole 200k Credit Card Accounts in One Fell Swoop (lien direct) | Visa and MasterCard are sending confidential alerts to financial institutions across the United States this week, warning them about more than 200,000 credit cards that were stolen in the epic data breach announced last week at big-three credit bureau Equifax. At first glance, the private notices obtained by KrebsOnSecurity appear to suggest that hackers were first able to steal credit card numbers from Equifax starting in November 2016. But Equifax says the accounts were all stolen at the same time -- when hackers accessed the company's systems in mid-May 2017. | Equifax | ||
|
2017-09-14 17:13:22 | Equifax: researchers find leaky customer help portal in Argentina (lien direct) | Researchers pulled thousands of records from site secured by a username and password of 'admin'  |
Equifax | ||
 |
2017-09-14 16:28:00 | FTC Opens Probe into Equifax Data Breach (lien direct) | Apache Struts flaw was known to be critical and should have been addressed, security researchers say. | Equifax | ||
|
2017-09-14 15:33:49 | U.S. Watchdog Confirms Probe of Huge Equifax Data Breach (lien direct) | A U.S. consumer protection watchdog agency said Thursday it has begun an investigation into a massive data breach at credit bureau Equifax that may have leaked sensitive information on 143 million people. | Equifax | ||
|
2017-09-14 15:05:16 | Equifax felled by a months-old Apache Struts vulnerability (lien direct) | Patching vulnerabilities often means juggling risk and practicality - which can mean gambling with customer data |
Equifax | ||
 |
2017-09-14 15:00:39 | Equifax aftermath: How to protect against identity theft (lien direct) |
If you are one of the victims of the Equifax breach, you have a heightened risk of becoming a victim of identity theft. And even if you're not, you should take these precautions.
Categories:
101
How-tos
Tags: breachEquifaxEquifax breachidentity theftsocial security numbers
(Read more...)
|
Equifax | ||
|
2017-09-14 11:56:07 | Equifax: four simple steps to secure yourself (lien direct) | Take these four steps to get through the Equifax breach with your identity and finances intact |
Equifax | ||
|
2017-09-14 11:12:38 | Equifax Confirms Apache Struts Flaw Used in Hack (lien direct) | U.S. credit reporting agency Equifax confirmed on Wednesday that an Apache Struts vulnerability exploited in the wild since March was used to breach its systems. | Equifax | ||
 |
2017-09-14 09:35:09 | Equifax data breach caused due to patch update being missed (lien direct) | The post Equifax data breach caused due to patch update being missed | Equifax | ||
 |
2017-09-14 08:48:43 | Smashing Security podcast #042: Equifax, BlueBorne, and the iPhone X (lien direct) |  Equifax's shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple's iPhone X comes with Face ID.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik.
|
Equifax | ||
 |
2017-09-14 07:00:12 | Equifax confirms massive data breach was result of missed patch (lien direct) | Equifax appears to have failed to roll out a patch that might have stopped the massive breach of its systems | Equifax | ||
 |
2017-09-14 04:28:47 | Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers (lien direct) | In an update posted to its security breach website, Equifax said hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. [...] | Equifax | ||
 |
2017-09-14 01:38:28 | Equifax Suffered Data Breach After It Failed to Patch Old Apache Struts Flaw (lien direct) | The massive Equifax data breach that exposed highly sensitive data of as many as 143 million people was caused by exploiting a flaw in Apache Struts framework, which Apache patched over two months earlier of the security incident, Equifax has confirmed.
Credit rating agency Equifax is yet another example of the companies that became victims of massive cyber attacks due to not patching a
|
Equifax | ||
 |
2017-09-14 01:27:00 | Equifax confirms Apache Struts security flaw it failed to patch is to blame for hack (lien direct) | The company said the March vulnerability was exploited by hackers. | Equifax | ||
|
2017-09-13 13:00:00 | How Does The Equifax Incident Compare to Other Data Breaches? (lien direct) |
The Equifax data breach news which broke last week was a bit of a shocker. About 143 million Americans were affected, which is most of the US adult population, and an unknown number of Canadians and Britons. The leaked data included some highly sensitive information including social security numbers, home addresses and credit card numbers. The cyber-attack on Equifax occurred between mid-May and July, and the incident is still under investigation. The story is so significant that my friends from outside of the cybersecurity industry heard about it in the mainstream news.
Data breaches are dangerous. Very often cyber attackers will sell the databases of sensitive information they acquire on the Dark Web, where other attackers can use the information to conduct identity fraud, financial fraud, or perform more targeted attacks in general. When a data breach happens to an organization, they open themselves up to litigation and reputational damage.
What happened to Equifax?
“For far too long, businesses have under-invested in software integrity, relying on network-based defenses that are incapable of protecting many exploit vectors, including those associated with open source security defects. The Equifax breach and loss of 143 million records (including mine) serves as a painful reminder of why every link in the software supply chain must be automatically and continuously managed. To do otherwise is simply negligent,” said Wayne Jackson, CEO of Sonatype.
“As a larger company, Equifax most likely spent a lot of money, time and resources securing their customer data, and yet they still fell victim to a massive attack. Everyone should pause and ask themselves: is my enterprise doing enough? Organizations must evolve their cybersecurity programs at a faster pace, and employing security service providers (where necessary) can be one way of doing so. Security programs must also be continuously tested, so an annual red team assessment with qualified, ethical hackers can be critical in understanding how strong your cybersecurity really is,” said Steve Groom, director of cyberdefense at Proficio.
To make matters even worse, Equifax has probably mismanaged the incident initially a bit from a public relations standpoint as well.
“Equifax adds insult to injury by requiring consumers to waive their rights to a day in court and accept mandatory binding arbitration in order to take advantage of the company’s free year of credit monitoring. Cybersecurity experts estimate that the effects of this breach may be felt by consumers for decades. Consumers who choose to take advantage of Equifax’s credit monitoring in response to this breach should be sure to read the fine print carefully to find out how to opt out of these outrageous arbitration clauses,” John Breyault of National Consumers League said.
Considering how huge data breaches can damage a company's reputation, they should be a lot more careful in how they present themselves to the general public during their incident response. Any perception of trying to waive a consumer's right to sue will have negative consequences.
At least Equifax has responded to public outrage regarding the “you cannot sue us” clause. On September 8th, |
Equifax | ||
|
2017-09-13 02:03:48 | Canadian Class Action Suit Launched Against Equifax Over Data Breach (lien direct) | A class action lawsuit by Canadian consumers whose data was stolen in a massive hack of US credit bureau Equifax was launched Tuesday, seeking damages of Can $550 billion ($450 billion US). | Equifax | ||
|
2017-09-12 22:02:49 | Ayuda! (Help!) Equifax Has My Data! (lien direct) | Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may not yet be complete: According to information […] | Equifax | ||
|
2017-09-12 15:47:58 | News in brief: lawyerbot offers Equifax help; Facebook faces privacy fine; gang hacks India ID scheme (lien direct) | Your daily round-up of some of the other stories in the news |
Equifax | ||
|
2017-09-12 13:58:58 | How to protect yourself in the wake of the Equifax data breach (lien direct) |  David Bisson describes some of the ways you can protect yourself against identity thieves following the hack of Equifax.
|
Equifax | ||
 |
2017-09-12 11:39:07 | Chatbot offers legal help to Equifax data breach victims (lien direct) | DoNotPay bot prints documents to help users sue Equifax in small claims courts for up to $25,000. | Equifax | ||
|
2017-09-12 09:11:05 | Up to 44 million UK consumers may have had their identity put at risk after Equifax hack (lien direct) |  And don't imagine for a second that because you may have never heard of Equifax, or done no business with them, that you have somehow escaped from being affected by this breach.
Read more in my article on the Hot for Security blog.
|
Equifax | ||
|
2017-09-12 03:51:16 | Apache Struts 2 Flaws Affect Multiple Cisco Products (lien direct) | After Equifax massive data breach that was believed to be caused due to a vulnerability in Apache Struts, Cisco has initiated an investigation into its products that incorporate a version of the popular Apache Struts2 web application framework.
Apache Struts is a free, open-source MVC framework for developing web applications in the Java programming language, and used by 65 percent of the
|
Equifax | ||
|
2017-09-12 00:31:40 | The Equifax Breach: What You Should Know (lien direct) | It remains unclear whether those responsible for stealing Social Security numbers and other data on as many as 143 million Americans from big-three credit bureau Equifax intend to sell this data to identity thieves. But if ever there was a reminder that you -- the consumer -- are ultimately responsible for protecting your financial future, this is it. Here's what you need to know and what you should do in response to this unprecedented breach. | Equifax | ||
|
2017-09-12 00:00:00 | Equifax\'s credit report monitoring site is also vulnerable to hacking (lien direct) | The site has at least one vulnerability that allows a hacker to trick users into turning over sensitive data. | Equifax | ||
|
2017-09-11 19:53:29 | A week in security (September 4 – September 10) (lien direct) |
A compilation of security news and blog posts from the 4th - 10th September. We touched on threat surveys, Android patching, the Equifax breach and more!
Categories:
Security world
Week in security
Tags: ddoshackersmalvertisingmalwareroundupspamweek in security
(Read more...)
|
Equifax | ||
|
2017-09-11 19:02:31 | Apache Foundation Refutes Involvement in Equifax Breach (lien direct) | The Vice President of the Apache Struts PMC says the attackers likely used an unknown Struts zero day or an earlier announced vulnerability. | Equifax | ||
|
2017-09-11 18:30:00 | Equifax Gets Slammed, Removes Forced Arbitration Clause from Credit Monitoring Offer (lien direct) | Company's initial requirement that breach victims sign away their legal rights to get complimentary offer was one of several mistakes. | Equifax | ||
|
2017-09-11 13:54:40 | ROUNDTABLE: Will massive Equifax breach be the wake up call for companies, regulators, consumers? (lien direct) | By Byron V. Acohido The pain has only just begun for Equifax. Last Thursday, the giant credit bureau disclosed that hackers stole personal information for 143 million of its customers, presumably mostly Americans, but also Canadians and Europeans. In less than 24 hours, two Oregonians, Mary McHill and Brook Reinhard, filed a federal class-action lawsuit […] | Equifax | ||
|
2017-09-11 13:08:24 | Inside the Equifax Hack, Facebook\'s Problem with Authoritarianism & ASPertise harnesses Asperger\'s Syndrome (lien direct) | In-brief: In this week’s podcast, Security Ledger Editor in Chief Paul Roberts talks with noted security researcher Robert “RSnake” Hansen about the data breach at Equifax and why the company’s response to it was so lacking. Also: Chris Sumner of the Online Privacy Foundation talks about why Facebook is a killer app for...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/458212892/0/thesecurityledger -->»
Related StoriesInside the Equifax Hack, Facebook’s Problem with Authoritarianism & ASPertise harnesses Asperger’s Syndrome to solve Cyber Security Problems - EnclosureThe Spectrum of Mobile Risk: Protecting Your Corporate DataA Right to Repair the Internet of Things? Spear Phishing Detection and Nonstop Attacks on DVRs - Enclosure
|
Equifax | ||
|
2017-09-11 12:30:00 | 7 Takeaways From The Equifax Data Breach (lien direct) | The exposure of PII belonging to 143 million US consumers raises questions about the continued use of SSNs as identifiers, breach liability and app sec spending. | Equifax | ||
|
2017-09-11 07:48:13 | Equifax breach: 5 defensive steps to take now (lien direct) | Indications are that this breach occurred between mid-May and July 2017, and that it was discovered by Equifax on July 29. As this has potentially affected almost half of all adults in the US, you may be wondering how to identify or mitigate problems caused by this breach. | Equifax | ||
|
2017-09-11 06:16:38 | Apache Struts Flaw Reportedly Exploited in Equifax Hack (lien direct) | A vulnerability affecting the Apache Struts 2 open-source development framework was reportedly used to breach U.S. credit reporting agency Equifax and gain access to customer data. | Equifax | ||
|
2017-09-10 13:27:33 | Equifax: woeful PINs put frozen credit files at risk (lien direct) | Why the PINs protecting your frozen credit files aren't worthy of the name |
Equifax | ||
|
2017-09-09 09:22:35 | Three Equifax execs sold $1.8 million of stock days after breach discovery (lien direct) |  Three Equifax executives sold a combined $1.8 million worth of shares just days after the credit reporting agency discovered a massive data breach.
But before it was made public.
David Bisson reports.
|
Equifax | ||
|
2017-09-08 22:08:07 | NEWS THIS WEEK: Equifax admits losing data for 143 consumers; Symantec finds dozens of U.S. power plants compromised; Trump wants hacked email lawsuit thrown out (lien direct) | By Byron V. Acohido Credit-reporting agency Equifax said hackers gained access to sensitive personal data-Social Security numbers, birth dates and home addresses-for up to 143 million Americans, a major cybersecurity breach at a firm that serves as one of the three major clearinghouses for credit histories. Equifax said the breach began in May and continued […] | Equifax | ||
|
2017-09-08 22:06:00 | We tested Equifax\'s data breach checker - and it\'s basically useless (lien direct) | Several people have confirmed they have mixed or inaccurate results from the Equifax checker. | Equifax | ||
|
2017-09-08 18:15:13 | Equifax Breach Response Turns Dumpster Fire (lien direct) | I cannot recall a previous data breach in which the breached company's public outreach and response has been so haphazard and ill-conceived as the one coming right now from big-three credit bureau Equifax, which rather clumsily announced Thursday that an intrusion jeopardized Social security numbers and other information on 143 million Americans. | Equifax | ||
|
2017-09-08 17:29:57 | Equifax: highlighting the problems with social security numbers (lien direct) | With the SSNs of potentially half the US population exposed in the Equifax breach, it's time to rethink their ubiquitous use |
Equifax | ||
|
2017-09-08 17:23:11 | Many Questions, Few Answers For Equifax Breach Victims (lien direct) | Victims of the massive Equifax breach may have to wait days to find out if they were impacted. | Equifax |
To see everything:
Our RSS (filtrered)
