What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-28 11:00:00 | Pour le manque de cyber ongle, le royaume est tombé For want of a cyber nail the kingdom fell (lien direct) |
An old proverb, dating to at least the 1360’s, states: "For want of a nail, the shoe was lost, for want of a shoe, the horse was lost, for want of a horse, the rider was lost, for want of a rider, the battle was lost, for want of a battle, the kingdom was lost, and all for the want of a horseshoe nail," When published in Ben Franklin’s Poor Richard’s Almanack in 1768, it was preceded by the cautionary words: “a little neglect may breed great mischief”. This simple proverb and added comment serve as emblematic examples of how seemingly inconsequential missteps or neglect can lead to sweeping, irreversible, catastrophic losses. The cascade of events resonates strongly within the increasingly complex domain of cybersecurity, in which the omission of even the most elementary precaution can result in a spiraling series of calamities. Indeed, the realm of cybersecurity is replete with elements that bear striking resemblance to the nail, shoe, horse, and rider in this proverb. Consider, for example, the ubiquitous and elementary software patch that may be considered the proverbial digital "nail." In isolation, this patch might seem trivial, but its role becomes crucial when viewed within the broader network of security measures. The 2017 WannaCry ransomware attack demonstrates the significance of such patches; an unpatched vulnerability in Microsoft Windows allowed the malware to infiltrate hundreds of thousands of computers across the globe. It wasn\'t just a single machine that was compromised due to this overlooked \'nail,\' but entire networks, echoing how a lost shoe leads to a lost horse in the proverb. This analogy further extends to the human elements of cybersecurity. Personnel tasked with maintaining an organization\'s cyber hygiene play the role of the "rider" in our metaphorical tale. However, the rider is only as effective as the horse they ride; likewise, even the most skilled IT professional cannot secure a network if the basic building blocks—the patches, firewalls, and antivirus software—resemble missing nails and shoes. Numerous reports and studies have indicated that human error constitutes one of the most common causes of data breaches, often acting as the \'rider\' who loses the \'battle\'. Once the \'battle\' of securing a particular network or system is lost, the ramifications can extend much further, jeopardizing the broader \'kingdom\' of an entire organization or, in more extreme cases, critical national infrastructure. One glaring example that serves as a cautionary tale is the Equifax data breach of 2017, wherein a failure to address a known vulnerability resulted in the personal data of 147 million Americans being compromised. Much like how the absence of a single rider can tip the scales of an entire battle, this singular oversight led to repercussions that went far beyond just the digital boundaries of Equifax, affecting millions of individuals and shaking trust in the security of financial systems. | Ransomware Data Breach Malware Vulnerability | Wannacry Wannacry Equifax Equifax | ★★ |
|
2023-10-19 10:00:00 | Pourquoi les organisations ne détectent-elles pas les menaces de cybersécurité? Why are organizations failing to detect cybersecurity threats? (lien direct) |
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. With the changing security landscape, the most daunting task for the CISO and CIO is to fight an ongoing battle against hackers and cybercriminals. Bad actors stay ahead of the defenders and are always looking to find new vulnerabilities and loopholes to exploit and enter the business network. Failing to address these threats promptly can have catastrophic consequences for the organization. A survey finds that, on average, it takes more than five months to detect and remediate cyber threats. This is a significant amount of time, as a delayed response to cyber threats can result in a possible cyber-attack. One can never forget the devastating impacts of the Equifax breach in 2017 and the Target breach in 2013 due to delayed detection and response. This is concerning and highlights the need for proactive cybersecurity measures to detect and mitigate rising cyber threats. Amidst this, it\'s also crucial to look into why it is challenging to detect cyber threats. Why do organizations fail to detect cyber threats? Security teams are dealing with more cyber threats than before. A report also confirmed that global cyber attacks increased by 38% in 2022 compared to the previous year. The increasing number and complexity of cyber-attacks make it challenging for organizations to detect them. Hackers use sophisticated techniques to bypass security systems and solutions - like zero-day vulnerabilities, phishing attacks, business email compromises (BEC), supply chain attacks, and Internet of Things (IoT) attacks. Some organizations are unaware of the latest cyber threat trends and lack the skills and resources to detect them. For instance, hackers offer professional services like ransomware-as-a-service (RaaS) to launch ransomware attacks. Surprisingly, two out of three ransomware attacks are facilitated by the RaaS setup, but still, companies fail to have a defensive strategy against them. Enterprises relying on legacy devices and outdated software programs are no longer effective at recognizing certain malicious activities, leaving the network vulnerable to potential threats. Additionally, the lack of trained staff, insider threats, and human errors are other reasons why many organizations suffer at the hands of threat actors. Besides this, much of the company\'s data is hidden as dark data. As the defensive teams and employees may be unaware of it, the hackers take complete advantage of dark data and either replicate it or use it to fulfill their malicious intentions. Moreover, cloud migration has rapidly increased in recent years, putting cybersecurity at significant risk. The complexity of the cloud environments, poorly secured remote and hybrid work environments, and sharing security responsibilities between cloud service providers and clients have complicated the situation. In addition, cloud vulnerabilities, which have risen to 194% from the previous year, have highlighted the need for organizations to look out for ways to strengthen their security infrastructure. Security measures to consider to prevent cyber threats Since businesses face complex cyber threats, mitigating them require | Ransomware Data Breach Tool Vulnerability Threat Cloud | Equifax | ★★ |
 |
2023-10-16 11:41:41 | Equifax a condamné à une amende de 13,5 millions de dollars par rapport à la violation de données 2017 Equifax Fined $13.5 Million Over 2017 Data Breach (lien direct) |
> La Watchdog financier de l'UK \'s FCA impose A & Pound; 11 millions (environ 13,5 millions de dollars) amende à Equifax sur la violation de données de 2017.
>UK\'s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach. |
Data Breach Legislation | Equifax | ★★ |
 |
2023-10-13 18:15:00 | Les amendes britanniques Equifax 13,6 millions de dollars pour la violation de données 2017 UK fines Equifax $13.6 million for 2017 data breach (lien direct) |
Vendredi, la société britannique de rédaction de crédit a été condamnée à une amende et à 11 164 400 (environ 13,6 millions de dollars) par un régulateur britannique pour avoir permis aux pirates d'accéder à des informations personnelles de millions de personnes en 2017. Environ 13,8 millions de consommateurs britanniques ont été touchés dans l'incident, selonà la Financial Conduct Authority, et il reste l'un des
The UK arm of credit reporting firm Equifax was fined £11,164,400 (about $13.6 million) on Friday by a British regulator for allowing hackers to access personal information of millions of people in 2017. About 13.8 million UK consumers were affected in the incident, according to the Financial Conduct Authority, and it remains one of the |
Data Breach Legislation | Equifax | ★★★ |
 |
2023-10-13 11:45:00 | Amendes du régulateur britannique Equifax & Pound; 11m pour la violation de données 2017 UK Regulator Fines Equifax £11m for 2017 Data Breach (lien direct) |
La FCA britannique a tenu Equifax Ltd responsable de ne pas protéger les données des consommateurs britanniques détenues par sa société mère basée aux États-Unis
The UK FCA held Equifax Ltd responsible for failing to protect UK consumer data held by its US-based parent company |
Data Breach | Equifax | ★★ |
 |
2022-08-16 02:00:00 | The 12 biggest data breach fines, penalties, and settlements so far (lien direct) | Sizable fines assessed for data breaches since 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now, the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe.To read this article in full, please click here | Data Breach | Equifax Equifax | |
|
2022-06-14 02:00:00 | Vulnerability management mistakes CISOs still make (lien direct) | Multiple breaches, including the massive 2017 data breach at the credit reporting agency Equifax, have been traced back to unpatched vulnerabilities-a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%.To read this article in full, please click here | Data Breach | Equifax | |
 |
2022-04-14 19:54:44 | Incomplete Fix for Apache Struts 2 Vulnerability (CVE-2021-31805) Amended (lien direct) | FortiGuard Labs is aware that the Apache Software Foundation disclosed and released a fix for a potential remote code execution vulnerability (CVE-2021-31805 OGNL Injection vulnerability ) that affects Apache Struts 2 on April 12th, 2022. Apache has acknowledged in an advisory that the fix was issued because the first patch released in 2020 did not fully remediate the issue. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released an advisory on April 12th, 2022, warning users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible. Why is this Significant?This is significant because Apache Struts is widely used and successfully exploiting CVE-2021-31805 could result in an attacker gaining control of a vulnerable system. Because of the potential impact, CISA released an advisory urging users and administrators to review the security advisory "S2-062" issued by Apache and upgrade to the latest released version as soon as possible.On the side note, an older Struts 2 OGNL Injection vulnerability (CVE-2017-5638) was exploited in the wild that resulted in a massive data breach of credit reporting agency Equifax in 2017.What is Apache Struts 2?Apache Struts 2 is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model-view-controller (MVC) architecture.What is CVE-2021-31805?CVE-2021-31805 is an OGNL injection vulnerability in Struts 2 that enables an attacker to perform remote code execution on a vulnerable system. The vulnerability was originally assigned CVE-2020-17530, however CVE-2021-31805 was newly assigned to the vulnerability as some security researchers found a workaround for the original patch released in 2020.The vulnerability is described as "some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation."What Versions of Apache Struts are Vulnerable to CVE-2021-31805?Struts 2.0.0 - Struts 2.5.29 are vulnerable.Struts 2.0.0 and 2.5.29 were released in 2006 and 2022 respectively. Has the Vendor Released a Patch for CVE-2021-31805?Yes, Apache released a fixed version (2.5.30) of Apache Struts 2 on April 12th, 2022.Users and administrators are advised to upgrade to Struts 2.5.30 or greater as soon as possible.Has the Vendor Released an Advisory?Yes, Apache released an advisory on April 12th, 2022. See the Appendix for a link to "Security Bulletin: S2-062".What is the Status of Coverage?FortiGuard Labs provides the following IPS coverage for CVE-2020-17530, which applies for CVE-2021-31805:Apache.Struts.OGNL.BeanMap.Remote.Code.Execution | Data Breach Vulnerability Guideline | Equifax Equifax | |
 |
2021-02-24 13:30:31 | Dangers of Only Scanning First-Party Code (lien direct) |  When it comes to securing your applications, it???s not unusual to only consider the risks from your first-party code. But if you???re solely considering your own code, then your attack surface is likely bigger than you think.
Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is exponentially larger than just the code written in-house. Yet a study conducted by Enterprise Strategy Group (ESG) established that less than half of organizations have invested in security controls to scan for open source vulnerabilities.
If the majority of applications are made up of open source libraries, why are most organizations only scanning their first-party code? Because most organizations assume that third-party code was already scanned for vulnerabilities by the library developer. But you can???t base the safety of your applications on assumptions. Our State of Software Security: Open Source Edition report revealed that approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that???s pulled indirectly from another library in use.
Over the years, several organizations have learned the hard way just how dangerous it is to only scan first-party code.
In 2014, the notorious open source vulnerability ??? Heartbleed ??? occurred. Heartbleed was the result of a flaw in OpenSSL, a third-party library that implemented the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability enabled cyberattackers to access over 4.5 million healthcare records from Community Health Systems Inc.
In 2015, there was a critical vulnerability in Glibc, a GNU C library. The open source security vulnerability nicknamed ???Ghost,??? affected all Linux servers and web frameworks such as Python, PHP, Ruby on Rails as well as API web services that use the Glibc library. The vulnerability made it possible for hackers to compromise applications with a man-in-the-middle attack.
In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data ??? including social security numbers ??? of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.
On the good news front: Close to 74 percent of open source flaws can be fixed with an update like a revision or patch. Even high-priority open source flaws don???t require extensive refactoring of code ??? close to 91 percent can be fixed with an update. Equifax had to pay up to $425 million to help people affected by the data breach that the court deemed ???entirely preventable.??? In fact, it was discovered that the breach could have been avoided with a simple patch to its open source library, Apache Struts.
Don???t become a victim to the monsters lurking in your third-party libraries. Download our whitepaper Accelerating Software Development with Secure Open Source So |
Data Breach Vulnerability | Equifax Equifax | |
|
2021-01-12 11:00:00 | Why cybersecurity awareness is a team sport (lien direct) |
Image Source
This blog was written by an independent guest blogger.
Cybersecurity may be different based on a person's viewpoint. One may want to simply protect and secure their social media accounts from hackers, and that would be the definition of what cybersecurity is to them. On the other hand, a small business owner may want to protect and secure credit card information gathered from their point-of-sale registers and that is what they define as cybersecurity.
Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion of unauthorized persons into your system(s). It should encompass all aspects of one’s digital experience--whether you are an individual user or a company.
Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an exploit point for hackers and cyber criminals intent on finding vulnerabilities.
People assume that it is the responsibility of the IT Department to stop any intrusion. That may be true up to a certain point, cybersecurity responsibility rests with everyone, in reality.
Cybersecurity should be everybody’s business.
The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased efforts to protect from, and mitigate attacks.
During the height of the pandemic, about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks - for example, RDP brute-force attacks increased by 400% around the same time.
This is why cybersecurity must be and should be everybody’s business. According to the 2019 Cost of Cybercrime Study, cyberattacks often are successful due to employees willingly participating as an internal actors or or employees and affiliates carelessly clicking a link by accident.
Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or bringing risks into the company’s network in a BYOD (Bring Your Own Device) system.
Just a decade ago, Yahoo experienced a series of major data breaches, via a backdoor to their network system established by a hacker (or a group of hackers). Further digital forensic investigation shows the breach started from a phishing email opened by an employee.
Another example was Equifax when it experienced a data breach in 2017 and was liable for fines amounting to $425 million by the Federal Trade Commission (FTC).
Companies continue to double up on their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo |
Ransomware Data Breach Malware Vulnerability Guideline | Equifax Equifax Yahoo Yahoo | |
|
2021-01-05 13:25:00 | Nature vs. Nurture Tip 3: Employ SCA With SAST (lien direct) |  For this year???s State of Software Security v11 (SOSS) report, we examined how both the ???nature??? of applications and how we ???nurture??? them contribute to the time it takes to close out a security flaw. We found that the ???nature??? of applications ??? like size or age ??? can have a negative effect on how long it takes to remediate a security flaw. But, taking steps to ???nurture??? the security of applications ??? like using multiple application security (AppSec) testing types ??? can have a positive effect on how long it takes to remediate security flaws.
In our first blog, Nature vs. Nurture Tip 1: Use DAST With SAST, we explored how organizations that combine DAST with SAST address 50 percent of their open security findings almost 25 days faster than organizations that only use SAST. In our second blog, Nature vs. Nurture Tip 2: Scan Frequently and Consistently, we addressed the benefits of frequent and consistent scanning by highlighting the SOSS finding that organization that scan their applications at least daily reduced time to remediation by more than a third, closing 50 percent of security flaws in 2 months.
For our third tip, we will explore the importance of software composition analysis (SCA) and how ??? when used in conjunction with static application security testing (SAST) ??? it can shorten the time it takes to address security flaws.
What is SCA and why is it important?
SCA inspects open source code for vulnerabilities. Some assume that open source code is more secure than first-party code because there are ???more eyes on it,??? but that is often not the case. In fact, according to our SOSS report, almost one-third of applications have more security findings in their third-party libraries than in primary code. Given that a typical Java application is 97 percent third-party code, this is a concerning statistic.
Since SCA is the only AppSec testing type that can identify vulnerabilities in open source code, if you don???t employ SCA, you could find yourself victim of a costly breach. In fact, in 2017, Equifax suffered a massive data breach from Apache Struts that compromised the data ??? including Social Security numbers ??? of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.
How can SCA with SAST shorten time to remediation?
If you are only using static analysis to assess the security of your code, your attack surface is likely bigger than you think. You need to consider third-party code as part of your attack surface, which is only uncovered by using SCA.
By incorporating software composition analysis into your security testing mix, you can find and address more flaws. According to SOSS, organizations that employ ???good??? scanning practices (like SCA with SAST), tend to be more mature and further along in their AppSec journey. And organizations with mature AppSec programs tend to remediate flaws faster. For example, employing SCA with SAST cuts ti |
Data Breach | Equifax | |
|
2020-10-01 14:10:28 | 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws (lien direct) |  Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But ??? shockingly ??? less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities.
Why is it important to scan open source libraries?
For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. By not scanning open source libraries, these flaws remain vulnerable to a cyberattack. ツ?ツ?ツ?
Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data ??? including social security numbers ??? of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. ツ?
Why aren???t more organizations scanning open source libraries?
If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities. Unfortunately, you can???t rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that???s pulled indirectly from another library in use.
What are your options for managing library security flaws?
First off, it???s important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix ??? close to 91 percent can be fixed with an update.
So, when it comes to managing your library security flaws, the concentration should not just be, ???How |
Data Breach Tool Vulnerability | Equifax | |
 |
2020-02-11 15:52:00 | China denies it was behind the Equifax hack, as four men charged for data breach (lien direct) | China has denied that it was behind the hack of Equifax in 2017, which saw the personal data of hundreds of millions of individuals stolen – including the names, birth dates and social security numbers for nearly half of all American citizens. Read more in my article on the Hot for Security blog. | Data Breach Hack | Equifax | |
 |
2020-02-10 07:57:01 | U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach (lien direct) | The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans.
In a joint press conference held today with the Attorney General William Barr and FBI Deputy Director David Bowdich, the DoJ officials labeled the state-sponsored |
Data Breach | Equifax | |
 |
2020-01-15 18:00:00 | 2017 Data Breach Will Cost Equifax at Least $1.38 Billion (lien direct) | Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim. | Data Breach | Equifax | |
 |
2019-10-30 09:51:54 | 10 percent of small businesses to impacted by Data breach (lien direct) | Data breaches hitting massive entities like Equifax, Facebook and Target grab headlines, but the impact on small businesses is just as severe with attacks causing bankruptcy or even forcing a firm to shutter its doors. A report issued by the National Cyber Security Alliance, based on a Zogby Analytics survey of 1,008 small businesses with up to […] | Data Breach | Equifax | |
 |
2019-10-22 13:39:47 | COMMENT: Equifax Used Default \'Admin\' User Name And Password To Secure Hacked Portal (lien direct) | Equifax staffers used the default user name and password – 'admin’ – to secure a portal containing sensitive customer information, Computing reported. That’s according to a class-action lawsuit launched against the company in the US, claiming securities fraud by the company over the 2017 data breach that spilled information on around 148 million accounts of people in … The ISBuzz Post: This Post COMMENT: Equifax Used Default ‘Admin’ User Name And Password To Secure Hacked Portal | Data Breach | Equifax | |
|
2019-10-14 03:00:00 | Equifax data breach FAQ: What happened, who was affected, what was the impact? (lien direct) | In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States.As we'll see, the breach spawned a number of scandals and controversies: Equifax was criticized for everything ranging from their lax security posture to their bumbling response to the breach, and top executives were accused of corruption in the aftermath. And the question of who was behind the breach has serious implications for the global political landscape.How did the Equifax breach happen? Like plane crashes, major infosec disasters are typically the result of multiple failures. The Equifax breach investigation highlighted a number of security lapses that allowed attackers to enter supposedly secure systems and exfiltrate terabytes of data. | Data Breach | Equifax | |
 |
2019-09-23 08:46:59 | NEW TECH: How \'cryptographic splitting\' bakes-in security at a \'protect-the-data-itself\' level (lien direct) | How can it be that marquee enterprises like Capital One, Marriott, Facebook, Yahoo, HBO, Equifax, Uber and countless others continue to lose sensitive information in massive data breaches? Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect […] | Data Breach | Equifax Yahoo Uber | |
|
2019-09-20 15:43:55 | 200,000 Sign Petition Against Equifax Data Breach Settlement (lien direct) | 200,000 Sign Petition to "Force Equifax to Pay for Their Greed" | Data Breach | Equifax | |
|
2019-08-05 16:25:04 | ID Theft Stings, But it\'s Hard to Pin on Specific Data Hacks (lien direct) | Equifax 2017. Marriott 2018. Capital One 2019. | Data Breach | Equifax | |
 |
2019-08-02 16:00:00 | Capital One breach exposes over 100 million credit card applications (lien direct) |
The Capital One data breach is an exceptional example, if only because of how much we already know. Not only that, but the breach happened to one of the technical front-runners in banking.
Categories:
Reports
Tags: Amazon Elastic Compute CloudAmazon web servicesawsCapital OneCapital One data breachdata breachEC2EquifaxEquifax breachfintechiamidentity access managementPaige Thompson
(Read more...)
|
Data Breach | Equifax | |
|
2019-08-01 15:20:05 | FTC Warns Cash Option May be Small for Equifax Settlement (lien direct) | The Federal Trade Commission on Wednesday told consumers affected by the Equifax data breach that they are unlikely to get the full $125 cash payment that many sought. | Data Breach | Equifax | |
 |
2019-07-31 19:31:02 | FTC Tells Equifax Victims to Opt for Credit Monitoring Over $125 (lien direct) | The FTC says that Equifax data breach victims who already have credit monitoring and opted to get a $125 cash payment might not get it in full and should choose the free credit monitoring option instead. [...] | Data Breach | Equifax | |
|
2019-07-31 05:55:00 | IDG Contributor Network: Is the cloud lulling us into security complacency? (lien direct) | The recent CapitalOne breach has certainly made lots of headlines in less than a day since the story broke out. And sadly, it has already thrust the $700M settlement that was reached from the largest ever data breach – the Equifax one – onto the sidelines just days after the news of that settlement broke out.But going back to CapitalOne, there are lots of lessons to be learned there certainly. I want to focus on where CapitalOne's data centers were and what that means for the rest of the planet from a security perspective. CapitalOne has been one of the most vocal AWS customers. They have appeared at numerous AWS events and touted how they have completely shuttered all their data centers and run exclusively on Amazon. And to be fair, they have also shared their best practices and use of AWS services. | Data Breach | Equifax | |
|
2019-07-26 03:00:00 | The biggest data breach fines, penalties and settlements so far (lien direct) | Sizable fines assessed for data breaches in 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. In the UK British Airways was hit with a record $230 million penalty, followed shortly by a $124 million fine for Marriott, while in the US Equifax agreed to pay a minimum of $575 million for its 2017 breach. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | Equifax | |
|
2019-07-24 04:38:00 | Equifax\'s billion-dollar data breach disaster: Will it change executive attitudes toward security? (lien direct) | Equifax announced on Monday that it has agreed to a record-breaking settlement related to its massive 2017 data breach, which exposed the personal and financial records of more than 148 million people. The settlement requires the beleaguered credit ratings agency to spend at least $1.38 billion to resolve consumer claims against it. It creates a non-reversionary fund of $380.5 million to pay benefits to the class of consumers harmed by the breach, including cash compensation, credit monitoring, and help with identity restoration. [ How much does a data breach cost? Here's where the money goes. | Get the latest from CSO by signing up for our newsletters. ] | Data Breach | Equifax | |
|
2019-07-23 17:26:01 | Experts Commentary On Equifax Settlement (lien direct) | Reuters is reporting that credit-reporting company Equifax Inc will pay up to a record $650 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information, authorities said on Monday. The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the … The ISBuzz Post: This Post Experts Commentary On Equifax Settlement | Data Breach | Equifax | |
|
2019-07-23 00:55:00 | Equifax to Pay up to $700 Million in 2017 Data Breach Settlement (lien direct) | Equifax, one of the three largest credit-reporting firms in the United States, has to pay up to $700 million in fines to settle a series of state and federal investigations into the massive 2017 data breach that exposed the personal and financial data of nearly 150 million Americans-that's almost half the country.
According to an official announcement by the U.S. Federal Trade Commission (FTC |
Data Breach | Equifax | |
 |
2019-07-22 19:27:01 | What You Should Know About the Equifax Data Breach Settlement (lien direct) | Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here's a brief primer that attempts to break down what this settlement means for you, and what it says about the value of your identity. | Data Breach | Equifax | |
|
2019-07-22 18:23:00 | Equifax to Pay Up to $700mn for Data Breach Damages (lien direct) | In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove. | Data Breach | Equifax | |
 |
2019-07-22 14:31:00 | (Déjà vu) Equifax, regulators sign $700m deal to settle data breach lawsuits (lien direct) | The massive security incident exposed personal details belonging to almost 150 million customers. | Data Breach | Equifax | |
 |
2019-07-22 11:21:04 | Equifax to pay up to $700m to settle data breach (lien direct) | The credit score agency has agreed a settlement after hackers stole 147 million people's details. | Data Breach | Equifax | |
|
2019-07-22 08:06:05 | Equifax, regulators close to signing $700m deal to settle data breach lawsuits (lien direct) | The massive security incident exposed personal details belonging to almost 150 million customers. | Data Breach | Equifax | |
|
2019-07-01 11:30:03 | Former Equifax executive sent behind bars for insider trades, profiting on data breach (lien direct) | An opportunity to cash in on the data breach was seized, with prison as a consequence. | Data Breach | Equifax | |
|
2019-06-28 04:58:04 | Former Equifax Executive Gets 4 Months for Insider Trading (lien direct) | A former Equifax executive who sold stock a week and a half before the company announced a massive data breach was sentenced Thursday to serve four months in federal prison for insider trading. | Data Breach | Equifax | |
|
2019-05-23 12:04:01 | Moody\'s Downgrades Equifax Outlook to Negative Over 2017 Data Breach (lien direct) | Moody's has revised its Equifax outlook from stable to negative, citing the effect of the 2017 data breach. This is the first time that a cybersecurity incident has resulted in a Moody's outlook downgrading. | Data Breach | Equifax | |
|
2019-03-11 16:31:00 | Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says (lien direct) | The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate's Permanent Subcommittee on Investigations reveals. | Data Breach | Equifax | |
 |
2019-02-15 22:30:01 | Data Breach Bonanza: Dating Apps, Equifax, Mass Credential Dumps (lien direct) | Data-exposure "lowlights" for the week ending Feb. 15, 2019. | Data Breach | Equifax | |
|
2019-02-15 21:30:00 | Equifax Data Breach A Sign Of Global Cyberwarfare? (lien direct) | The Equifax data breach in which millions of Americans had their personal details stolen may have been carried out by a foreign government in a bid to recruit U.S. spies, experts believe. Off the back of this, please see comments from Terry Ray, senior vice president and Imperva fellow who talks about how this is … The ISBuzz Post: This Post Equifax Data Breach A Sign Of Global Cyberwarfare? | Data Breach | Equifax | |
 |
2019-01-28 04:00:01 | Regulatory Fines, Prison Time Render “Check Box” Security Indefensible (lien direct) | In May 2017, the Equifax data breach compromised critical credit and identity data for 56 percent of American adults, 15 million UK citizens and 20,000 Canadians. The Ponemon Institute estimates that the total cost to Equifax could approach $600M in direct expenses and fines. That doesn't include the cost of the security upgrades required to […]… Read More | Data Breach | Equifax | |
|
2019-01-07 06:05:00 | IDG Contributor Network: Managing identity and access management in uncertain times (lien direct) | If we remember one thing from 2018, it is that we are all victims now through one breach or another. Every day, we hear more news about another data breach affecting millions of users with significant financial and reputational consequences to its victims. With massive breaches like Equifax, Facebook, Deloitte, Quora and Yahoo, it is clear that breach notification services and multi-factor authentication (MFA) are not enough to prevent the next data breach headline from appearing in tomorrow's newspapers.Organizations have started thinking holistically, and rightly so, about risk and approaches to security using frameworks such as CARTA, Zero Trust, NIST SP 800 and IDSA. These frameworks offer progressive thinking and valuable approaches to modern identity strategy, but there is no one size fits all. These frameworks are akin to buying furniture from IKEA; assembly required, but with a lot more complexity and a lot more at stake. | Data Breach | Equifax Deloitte Yahoo | |
 |
2018-12-13 11:49:00 | Conflicted External Auditors at Heart of Equifax Data Breach (lien direct) | Equifax hired financial auditors and IT security auditors from different divisions of Ernst & Young, creating conflicts of interest that may have disincentivized both auditing teams from reporting problems that eventually led to the company's 2017 data breach. | Data Breach | Equifax | |
|
2018-11-05 17:15:01 | Equifax Offers Free Credit Monitoring - Via Rival Experian (lien direct) | A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor – Experian. And to do that, it will soon … The ISBuzz Post: This Post Equifax Offers Free Credit Monitoring - Via Rival Experian | Data Breach | Equifax | |
|
2018-11-01 16:47:01 | Equifax Has Chosen Experian. Wait, What? (lien direct) | A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor -- Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service. | Data Breach | Equifax | |
|
2018-10-18 04:43:01 | Ex-Equifax Manager Gets Home Confinement for Insider Trading (lien direct) | A former Equifax manager was sentenced Tuesday to serve eight months home confinement for engaging in insider trading in the wake of the company's massive data breach last year. | Data Breach | Equifax | |
|
2018-09-20 11:09:03 | ICO to Fine Equifax £500,000 for 2017 Data Breach (lien direct) | The Information Commissioner’s Office (ICO) of the United Kingdom announced it will fine Equifax £500,000 for a data breach that occurred in 2017. In a monetary penalty notice filed on 19 September, the ICO revealed its decision to impose the maximum fine specified in section 55A of the Data Protection Act 1998 on Equifax. The […]… Read More | Data Breach | Equifax | |
|
2018-09-20 07:25:00 | Equifax fined £500,000 over customer data breach (lien direct) | If the security incident had taken place after GDPR came into play, the fine may have been far higher. | Data Breach | Equifax | |
|
2018-09-20 06:54:05 | UK Regulator Fines Equifax £500,000 Over 2017 Data Breach (lien direct) | Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK's privacy watchdog for its last year's massive data breach that exposed personal and financial data of hundreds of millions of its customers.
Yes, £500,000-that's the maximum fine allowed by the UK's Data Protection Act 1998, though the penalty is apparently a small figure for a $16 billion
|
Data Breach | Equifax | |
|
2018-09-19 23:12:00 | Equifax fined by ICO over data breach that hit Britons (lien direct) | The UK's Information Commissioner's Office imposes a fine of £500,000 over the 2017 breach. | Data Breach | Equifax |
To see everything:
Our RSS (filtrered)
