www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Last build: 2024-05-13T03:36:51+00:00

Dark Reading - InformationWeek branch
Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug
CVE-2023-50164 is harder to exploit than the 2017 Struts bug behind the massive breach at Equifax, but don't underestimate the potential for attackers to use it in targeted attacks.
2023-12-15T20:55:00+00:00 | https://www.darkreading.com/cloud-security/patch-exploit-activity-dangerous-apache-struts-bug | www.secnews.physaphae.fr/article.php?IdArticle=8423394 | False | Tags: Threat | Entities: Equifax | Score: 3.0

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
For want of a cyber nail the kingdom fell
Richard's Almanack in 1768, it was preceded by the cautionary words: "a little neglect may breed great mischief". This simple proverb and added comment serve as emblematic examples of how seemingly inconsequential missteps or neglect can lead to sweeping, irreversible, catastrophic losses. The cascade of events resonates strongly within the increasingly complex domain of cybersecurity, in which the omission of even the most elementary precaution can result in a spiraling series of calamities.

Indeed, the realm of cybersecurity is replete with elements that bear striking resemblance to the nail, shoe, horse, and rider in this proverb. Consider, for example, the ubiquitous and elementary software patch, which may be considered the proverbial digital "nail." In isolation, this patch might seem trivial, but its role becomes crucial when viewed within the broader network of security measures.

The 2017 WannaCry ransomware attack demonstrates the significance of such patches: an unpatched vulnerability in Microsoft Windows allowed the malware to infiltrate hundreds of thousands of computers across the globe. It wasn't just a single machine that was compromised due to this overlooked "nail," but entire networks, echoing how a lost shoe leads to a lost horse in the proverb.

This analogy further extends to the human elements of cybersecurity. Personnel tasked with maintaining an organization's cyber hygiene play the role of the "rider" in our metaphorical tale. However, the rider is only as effective as the horse they ride; likewise, even the most skilled IT professional cannot secure a network if the basic building blocks (the patches, firewalls, and antivirus software) resemble missing nails and shoes. Numerous reports and studies have indicated that human error constitutes one of the most common causes of data breaches, often acting as the "rider" who loses the "battle."

Once the "battle" of securing a particular network or system is lost, the ramifications can extend much further, jeopardizing the broader "kingdom" of an entire organization or, in more extreme cases, critical national infrastructure. One glaring example that serves as a cautionary tale is the Equifax data breach of 2017, wherein a failure to address a known vulnerability resulted in the personal data of 147 million Americans being compromised. Much like how the absence of a single rider can tip the scales of an entire battle, this singular oversight led to repercussions that went far beyond the digital boundaries of Equifax, affecting millions of individuals and shaking trust in the security of financial systems.
2023-11-28T11:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/for-want-of-a-cyber-nail-the-kingdom-fell | www.secnews.physaphae.fr/article.php?IdArticle=8417468 | False | Tags: Ransomware, Data Breach, Malware, Vulnerability | Entities: WannaCry, Equifax | Score: 2.0

AlienVault Lab Blog - AlienVault is a major defensive player in IOCs
Why are organizations failing to detect cybersecurity threats?
A survey finds that, on average, it takes more than five months to detect and remediate cyber threats. This is a significant amount of time: a delayed response gives a threat the time it needs to become a successful attack. One can never forget the devastating impacts of the Equifax breach in 2017 and the Target breach in 2013, both made worse by delayed detection and response. This is concerning and highlights the need for proactive cybersecurity measures to detect and mitigate rising cyber threats. Amid this, it is also crucial to look into why it is challenging to detect cyber threats.

Why do organizations fail to detect cyber threats?

Security teams are dealing with more cyber threats than before. A report also confirmed that global cyber attacks increased by 38% in 2022 compared to the previous year. The increasing number and complexity of cyber-attacks make it challenging for organizations to detect them. Attackers use sophisticated techniques to bypass security systems and solutions, such as zero-day vulnerabilities, phishing attacks, business email compromise (BEC), supply chain attacks, and Internet of Things (IoT) attacks. Some organizations are unaware of the latest cyber threat trends and lack the skills and resources to detect them. For instance, criminals offer professional services like ransomware-as-a-service (RaaS) to launch ransomware attacks. Surprisingly, two out of three ransomware attacks are facilitated by the RaaS setup, yet companies still fail to have a defensive strategy against them.

Enterprises relying on legacy devices and outdated software are no longer able to recognize certain malicious activities, leaving the network open to potential threats. Additionally, the lack of trained staff, insider threats, and human error are other reasons why many organizations suffer at the hands of threat actors. Besides this, much of a company's data is hidden as dark data. As the defensive teams and employees may be unaware of it, attackers take full advantage of dark data and either copy it or use it to further their intrusion. Moreover, cloud migration has rapidly increased in recent years, putting cybersecurity at significant risk. The complexity of cloud environments, poorly secured remote and hybrid work environments, and the sharing of security responsibilities between cloud service providers and their customers have complicated the situation. In addition, cloud vulnerabilities, which rose 194% over the previous year, have highlighted the need for organizations to look for ways to strengthen their security infrastructure.

Security measures to consider to prevent cyber threats

Since businesses face complex cyber threats, mitigating them require
2023-10-19T10:00:00+00:00 | https://cybersecurity.att.com/blogs/security-essentials/why-are-organizations-failing-to-detect-cybersecurity-threats | www.secnews.physaphae.fr/article.php?IdArticle=8397627 | False | Tags: Ransomware, Data Breach, Tool, Vulnerability, Threat, Cloud | Entities: Equifax | Score: 2.0

SecurityWeek - Security News
Equifax Fined $13.5 Million Over 2017 Data Breach
The UK's financial watchdog, the FCA, imposes a £11 million (approximately $13.5 million) fine on Equifax over the 2017 data breach.
2023-10-16T11:41:41+00:00 | https://www.securityweek.com/equifax-gets-13-5-million-fine-over-2017-data-breach/ | www.secnews.physaphae.fr/article.php?IdArticle=8396199 | False | Tags: Data Breach, Legislation | Entities: Equifax | Score: 2.0
Recorded Future - Recorded Future feed
UK fines Equifax $13.6 million for 2017 data breach
The UK arm of credit reporting firm Equifax was fined £11,164,400 (about $13.6 million) on Friday by a British regulator for allowing hackers to access the personal information of millions of people in 2017. About 13.8 million UK consumers were affected in the incident, according to the Financial Conduct Authority, and it remains one of the
2023-10-13T18:15:00+00:00 | https://therecord.media/uk-fines-equifax-millions-for-2017-data-breach | www.secnews.physaphae.fr/article.php?IdArticle=8395238 | False | Tags: Data Breach, Legislation | Entities: Equifax | Score: 3.0
The Register - English news site
Equifax scores £11.1M slap on wrist over 2017 mega breach
Not quite a pound for every one of the 13.8 million affected UK citizens, and it could have been more. The UK's Financial Conduct Authority (FCA) has fined Equifax a smidge over £11 million ($13.6 million) for severe failings that put millions of consumers at risk of financial crime.…
2023-10-13T13:05:49+00:00 | https://go.theregister.com/feed/www.theregister.com/2023/10/13/equifax_fca_fine/ | www.secnews.physaphae.fr/article.php?IdArticle=8395121 | False | Tags: None | Entities: Equifax | Score: 2.0

InfoSecurity Mag - InfoSecurity Magazine
UK Regulator Fines Equifax £11m for 2017 Data Breach
The UK FCA held Equifax Ltd responsible for failing to protect UK consumer data held by its US-based parent company.
2023-10-13T11:45:00+00:00 | https://www.infosecurity-magazine.com/news/regulator-fine-equifax-data-breach/ | www.secnews.physaphae.fr/article.php?IdArticle=8395107 | False | Tags: Data Breach | Entities: Equifax | Score: 2.0

Schneier on Security - American cryptographer and security researcher
The Hacker Tool to Get Personal Data from Credit Bureaus
The new site 404 Media has a good article on how hackers are cheaply getting personal information from credit bureaus: "This is the result of a secret weapon criminals are selling access to online that appears to tap into an especially powerful set of data: the target's credit header. This is personal information that the credit bureaus Experian, Equifax, and TransUnion have on most adults in America via their credit cards. Through a complex web of agreements and purchases, that data trickles down from the credit bureaus to other companies who offer it to debt collectors, insurance companies, and law enforcement..."
2023-09-07T11:09:35+00:00 | https://www.schneier.com/blog/archives/2023/09/the-hacker-tool-to-get-personal-data-from-credit-bureaus.html | www.secnews.physaphae.fr/article.php?IdArticle=8380027 | False | Tags: Tool | Entities: Equifax | Score: 2.0

The Hacker News - The Hacker News is a hacking news blog (no surprise there)
Are Your APIs Leaking Sensitive Data?
It's no secret that data leaks have become a major concern for both citizens and institutions across the globe. They can cause serious damage to an organization's reputation, induce considerable financial losses, and even have serious legal repercussions. From the infamous Cambridge Analytica scandal to the Equifax data breach, there have been some pretty high-profile leaks resulting in massive
2023-05-22T16:42:00+00:00 | https://thehackernews.com/2023/05/are-your-apis-leaking-sensitive-data.html | www.secnews.physaphae.fr/article.php?IdArticle=8338400 | False | Tags: None | Entities: Equifax | Score: 3.0

Schneier on Security - American cryptographer and security researcher
What Will It Take?
2023-02-14T12:06:06+00:00 | https://www.schneier.com/blog/archives/2023/02/what-will-it-take.html | www.secnews.physaphae.fr/article.php?IdArticle=8310001 | False | Tags: Ransomware | Entities: SolarWinds, Equifax | Score: 2.0

SecurityWeek - Security News
Cyber Insights 2023: ICS and Operational Technology
The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while cybercriminals have had their restraints reduced.
2023-02-01T12:00:00+00:00 | https://www.securityweek.com/cyber-insights-2023-ics-and-operational-technology/ | www.secnews.physaphae.fr/article.php?IdArticle=8306213 | False | Tags: Industrial | Entities: Equifax | Score: 3.0

Krebs on Security - American researcher
The Equifax Breach Settlement Offer is Real, For Now
2022-12-20T20:08:40+00:00 | https://krebsonsecurity.com/2022/12/the-equifax-breach-settlement-offer-is-real-for-now/ | www.secnews.physaphae.fr/article.php?IdArticle=8293161 | False | Tags: None | Entities: Equifax | Score: 2.0

InfoSecurity Mag - InfoSecurity Magazine
Ex-Security Chief Accuses Twitter of Cybersecurity Negligence
2022-08-23T17:30:00+00:00 | https://www.infosecurity-magazine.com/news/ex-security-chief-twitter-cyber/ | www.secnews.physaphae.fr/article.php?IdArticle=6487271 | False | Tags: None | Entities: Equifax | Score: None

CSO - CSO Daily Dashboard
The 12 biggest data breach fines, penalties, and settlements so far
data breaches since 2019 suggest that regulators are getting more serious about organizations that don't properly protect consumer data. Marriott was hit with a $124 million fine, later reduced, while Equifax agreed to pay a minimum of $575 million for its 2017 breach. Now, the Equifax fine has been eclipsed by the $1.19 billion fine levied against the Chinese firm Didi Global for violating that nation's data protection laws, and by the $877 million fine against Amazon last year for running afoul of the General Data Protection Regulation (GDPR) in Europe.
2022-08-16T02:00:00+00:00 | https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html#tk.rss_all | www.secnews.physaphae.fr/article.php?IdArticle=6349701 | False | Tags: Data Breach | Entities: Equifax | Score: None

CSO - CSO Daily Dashboard
Vulnerability management mistakes CISOs still make
the massive 2017 data breach at the credit reporting agency Equifax, have been traced back to unpatched vulnerabilities: a 2019 Tripwire study found that 27% of all breaches were caused by unpatched vulnerabilities, while a 2018 Ponemon study put the number at a jaw-dropping 60%.
2022-06-14T02:00:00+00:00 | https://www.csoonline.com/article/3663493/vulnerability-management-mistakes-cisos-still-make.html#tk.rss_all | www.secnews.physaphae.fr/article.php?IdArticle=5141340 | False | Tags: Data Breach | Entities: Equifax | Score: None

Fortinet ThreatSignal - Hardware vendor
Incomplete Fix for Apache Struts 2 Vulnerability (CVE-2021-31805) Amended
2022-04-14T19:54:44+00:00 | https://fortiguard.fortinet.com/threat-signal-report/4501 | www.secnews.physaphae.fr/article.php?IdArticle=4453059 | False | Tags: Data Breach, Vulnerability, Guideline | Entities: Equifax | Score: None

Kaspersky Threatpost - Kaspersky is a Russian antivirus vendor
FTC to Go After Companies that Ignore Log4j
2022-01-05T19:00:03+00:00 | https://threatpost.com/ftc-pursue-companies-log4j/177368/ | www.secnews.physaphae.fr/article.php?IdArticle=3928350 | False | Tags: None | Entities: Equifax | Score: None

Naked Security - Sophos blog
FTC threatens “legal action” over unpatched Log4j and other vulns
2022-01-05T16:37:54+00:00 | https://nakedsecurity.sophos.com/2022/01/05/ftc-threatens-legal-action-over-unpatched-log4j-and-other-vulns/ | www.secnews.physaphae.fr/article.php?IdArticle=3927897 | False | Tags: None | Entities: Equifax | Score: None

Veracode - Application Security Research, News, and Education Blog
Application Security Testing Evolution and How a Software Bill of Materials Can Help
2021-09-23T08:55:21+00:00 | https://www.veracode.com/blog/managing-appsec/appsec-testing-evolution-software-bill-materials | www.secnews.physaphae.fr/article.php?IdArticle=3416942 | False | Tags: Vulnerability | Entities: Equifax | Score: None

IT Security Guru - Security blog
Jenkins discloses attack on its Atlassian Confluence service
2021-09-09T10:25:08+00:00 | https://www.itsecurityguru.org/2021/09/09/jenkins-discloses-attack-on-its-atlassian-confluence-service/?utm_source=rss&utm_medium=rss&utm_campaign=jenkins-discloses-attack-on-its-atlassian-confluence-service | www.secnews.physaphae.fr/article.php?IdArticle=3358698 | False | Tags: Hack, Vulnerability, Guideline | Entities: Equifax | Score: None

Krebs on Security - American researcher
Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax
2021-07-01T18:56:42+00:00 | https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/ | www.secnews.physaphae.fr/article.php?IdArticle=3008279 | False | Tags: None | Entities: Equifax | Score: None

SecurityWeek - Security News
Library Dependencies and the Open Source Supply Chain Nightmare
It's a bigger problem than is immediately apparent, and has the potential for hacks as big as Equifax and as widespread as SolarWinds.
2021-04-08T15:06:39+00:00 | http://feedproxy.google.com/~r/Securityweek/~3/zhkWu5KOBMo/library-dependencies-and-open-source-supply-chain-nightmare | www.secnews.physaphae.fr/article.php?IdArticle=2605488 | False | Tags: None | Entities: Equifax | Score: None

Veracode - Application Security Research, News, and Education Blog
Dangers of Only Scanning First-Party Code
When it comes to securing your applications, it's not unusual to only consider the risks from your first-party code. But if you're solely considering your own code, then your attack surface is likely bigger than you think. Our recent State of Software Security report found that 97 percent of the typical Java application is made up of open source libraries. That means your attack surface is far larger than just the code written in-house. Yet a study conducted by Enterprise Strategy Group (ESG) established that less than half of organizations have invested in security controls to scan for open source vulnerabilities.

If the majority of applications are made up of open source libraries, why are most organizations only scanning their first-party code? Because most organizations assume that third-party code was already scanned for vulnerabilities by the library developer. But you can't base the safety of your applications on assumptions. Our State of Software Security: Open Source Edition report revealed that approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw, one pulled in indirectly through another library in use.

Over the years, several organizations have learned the hard way just how dangerous it is to only scan first-party code. In 2014, the notorious open source vulnerability Heartbleed occurred. Heartbleed was the result of a flaw in OpenSSL, a third-party library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The vulnerability enabled attackers to access over 4.5 million healthcare records from Community Health Systems Inc. In 2015, there was a critical vulnerability in glibc, the GNU C library. The open source vulnerability nicknamed "Ghost" was a buffer overflow in the gethostbyname() family of functions; it affected Linux systems running vulnerable glibc versions and, with them, the web frameworks and API services built on top (Python, PHP and Ruby on Rails stacks among them), and it made it possible for attackers to execute code remotely in applications that called those functions. In 2017, Equifax suffered a massive data breach through Apache Struts which compromised the data, including Social Security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.

On the good news front: close to 74 percent of open source flaws can be fixed with an update like a revision or patch. Even high-priority open source flaws don't require extensive refactoring of code; close to 91 percent can be fixed with an update. Equifax had to pay up to $425 million to help people affected by a data breach that investigators deemed "entirely preventable." In fact, the breach could have been avoided with a simple patch to its open source library, Apache Struts.

Open source patches and updates

Don't become a victim of the monsters lurking in your third-party libraries. Download our whitepaper Accelerating Software Development with Secure Open Source So
2021-02-24T13:30:31+00:00 | https://www.veracode.com/blog/intro-appsec/dangers-only-scanning-first-party-code | www.secnews.physaphae.fr/article.php?IdArticle=2399323 | False | Tags: Data Breach, Vulnerability | Entities: Equifax | Score: None

AlienVault Blog - AlienVault is a major defensive player in IOCs
Why cybersecurity awareness is a team sport
This blog was written by an independent guest blogger.

Cybersecurity may mean different things depending on a person's viewpoint. One person may simply want to protect and secure their social media accounts from hackers, and that would be the definition of cybersecurity to them. On the other hand, a small business owner may want to protect and secure the credit card information gathered from their point-of-sale registers, and that is what they define as cybersecurity. Despite differences in implementation, at its core, cybersecurity pertains to the mitigation of potential intrusion by unauthorized persons into your systems. It should encompass all aspects of one's digital experience, whether you are an individual user or a company. Your cyber protection needs to cover your online platforms, devices, servers, and even your cloud storage. Any unprotected area of your digital journey can serve as an entry point for hackers and cyber criminals intent on finding vulnerabilities.

People assume that it is the responsibility of the IT department to stop any intrusion. That may be true up to a certain point, but in reality cybersecurity responsibility rests with everyone. Cybersecurity should be everybody's business.

The cybersecurity landscape is changing. With 68% of businesses saying that their cybersecurity risks have increased, it is no wonder that businesses have been making increased efforts to protect against, and mitigate, attacks. During the height of the pandemic, about 46% of the workforce shifted to working from home. We saw a surge in cybersecurity attacks; for example, RDP brute-force attacks increased by 400% around the same time. This is why cybersecurity must be everybody's business.

According to the 2019 Cost of Cybercrime Study, cyberattacks often succeed because employees willingly participate as internal actors, or because employees and affiliates carelessly click a link by accident. Sadly, it is still happening today. Unsuspecting employees can be caught vulnerable and cause a corporate-wide cyberattack by opening a phishing email or by bringing risks into the company's network under a BYOD (Bring Your Own Device) policy. Just a decade ago, Yahoo experienced a series of major data breaches via a backdoor into its network established by a hacker (or a group of hackers). Further digital forensic investigation showed the breach started from a phishing email opened by an employee. Another example was Equifax, which experienced a data breach in 2017 and settled with the Federal Trade Commission (FTC) for up to $425 million in relief for affected consumers. Companies continue to double their investments in cybersecurity and privacy protection today to ensure that incidents like these do not happen to their own networks. But a network is only as strong as its weakest link. Hackers continue to innovate, making their attacks more and mo
2021-01-12T11:00:00+00:00 | https://feeds.feedblitz.com/~/641451762/0/alienvault-blogs~Why-cybersecurity-awareness-is-a-team-sport | www.secnews.physaphae.fr/article.php?IdArticle=2175341 | False | Tags: Ransomware, Data Breach, Malware, Vulnerability, Guideline | Entities: Equifax, Yahoo | Score: None

SecurityWeek - Security News
Equifax Buys Fraud Prevention Firm Kount in $640 Million Deal
2021-01-08T19:00:08+00:00 | http://feedproxy.google.com/~r/Securityweek/~3/39phWYZyWg8/equifax-buys-kount-640-million-deal | www.secnews.physaphae.fr/article.php?IdArticle=2160432 | False | Tags: None | Entities: Equifax | Score: None

Veracode - Application Security Research, News, and Education Blog
Nature vs. Nurture Tip 3: Employ SCA With SAST
For this year's State of Software Security v11 (SOSS) report, we examined how both the "nature" of applications and how we "nurture" them contribute to the time it takes to close out a security flaw. We found that the "nature" of applications, like size or age, can have a negative effect on how long it takes to remediate a security flaw. But taking steps to "nurture" the security of applications, like using multiple application security (AppSec) testing types, can have a positive effect on how long it takes to remediate security flaws.

In our first blog, Nature vs. Nurture Tip 1: Use DAST With SAST, we explored how organizations that combine DAST with SAST address 50 percent of their open security findings almost 25 days faster than organizations that only use SAST. In our second blog, Nature vs. Nurture Tip 2: Scan Frequently and Consistently, we addressed the benefits of frequent and consistent scanning by highlighting the SOSS finding that organizations that scan their applications at least daily reduce time to remediation by more than a third, closing 50 percent of security flaws in 2 months.
For our third tip, we will explore the importance of software composition analysis (SCA) and how, when used in conjunction with static application security testing (SAST), it can shorten the time it takes to address security flaws.

What is SCA and why is it important?

SCA inspects open source components for known vulnerabilities. Some assume that open source code is more secure than first-party code because there are "more eyes on it," but that is often not the case. In fact, according to our SOSS report, almost one-third of applications have more security findings in their third-party libraries than in primary code. Given that a typical Java application is 97 percent third-party code, this is a concerning statistic.

Since SCA is the AppSec testing type built to identify known vulnerabilities in open source components, if you don't employ SCA, you could find yourself the victim of a costly breach. In fact, in 2017, Equifax suffered a massive data breach through Apache Struts that compromised the data, including Social Security numbers, of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent.

How can SCA with SAST shorten time to remediation?

If you are only using static analysis to assess the security of your code, your attack surface is likely bigger than you think. You need to consider third-party code as part of your attack surface, and that part is only uncovered by using SCA. By incorporating software composition analysis into your security testing mix, you can find and address more flaws. According to SOSS, organizations that employ "good" scanning practices (like SCA with SAST) tend to be more mature and further along in their AppSec journey. And organizations with mature AppSec programs tend to remediate flaws faster. For example, employing SCA with SAST cuts ti
2021-01-05T13:25:00+00:00 | https://www.veracode.com/blog/intro-appsec/nature-vs-nurture-tip-3-employ-sca-sast | www.secnews.physaphae.fr/article.php?IdArticle=2146384 | False | Tags: Data Breach | Entities: Equifax | Score: None

Veracode - Application Security Research, News, and Education Blog
In the Financial Services Industry, 74% of Apps Have Security Flaws
Over the past year, the financial services industry has been challenged with pivoting its operations to a fully digital model, putting the security of its software center stage. Despite the unanticipated pivot, our recent State of Software Security v11 (SOSS) report found that the financial services industry has the smallest proportion of applications with security flaws compared to other sectors, along with the second-lowest prevalence of severe security flaws, and the best security flaw fix rate.

[Figure: financial services chart, SOSS]

But despite the impressive fix rate, the financial services industry is falling behind when it comes to the time to make those fixes. This is a troubling finding because speed matters in application security. The time it takes for attackers to come up with exploits for newly discovered vulnerabilities is measured in days, sometimes even hours. Letting known vulnerabilities linger unfixed dramatically increases your risk. For instance, it was merely days between disclosure and exploitation of the vulnerability in the Apache Struts framework that led to the Equifax breach.

By looking at the data, the reason for the delay in remediation becomes clearer. In the financial services sector, applications tend to be older than those in other industry sectors and the organizations are fairly large. Combined with these challenging factors, developers and security professionals in this industry aren't regularly employing best practices consistent with DevSecOps and known to improve fix rates, such as scanning for security both frequently and regularly and using more than one testing type.

[Figure: Nature vs. Nurture]

What does this mean for the financial services industry? The data suggests that for many financial services firms, developers face a challenging environment, with the adoption of additional DevSecOps practices showing the most opportunity for improvement in addressing security flaws. And while talking about flaws, it's worth noting that the most common security flaws in the financial services industry are information leakage, code quality, and CRLF injection. Injection flaws are especially important to keep an eye on since they're the top web application security risk according to the OWASP Top 10. On a positive note, the industry has lower than average cryptography, input validation, Cross-Site Scripting, and credentials management flaws.
For more information on software security trends in the financial services industry, check out The State of Software Security Industry Snapshot.]]> 2020-11-10T09:10:27+00:00 https://www.veracode.com/blog/intro-appsec/financial-services-industry-74-apps-have-security-flaws www.secnews.physaphae.fr/article.php?IdArticle=2103304 False Vulnerability Equifax None The State of Security - Magazine Américain Shared Responsibility and Configuration Management in the Cloud: SecTor 2020 Read More ]]> 2020-10-13T03:01:09+00:00 https://www.tripwire.com/state-of-security/featured/shared-responsibility-configuration-management-cloud-sector-2020/ www.secnews.physaphae.fr/article.php?IdArticle=1972542 False None Equifax None Veracode - Application Security Research, News, and Education Blog 96% of Organizations Use Open Source Libraries but Less Than 50% Manage Their Library Security Flaws Most modern codebases are dependent on open source libraries. In fact, a recent research report sponsored by Veracode and conducted by Enterprise Strategy Group (ESG) found that more than 96 percent of organizations use open source libraries in their codebase. But ??? shockingly ??? less than half of these organizations have invested in specific security controls to scan for open source vulnerabilities. Percentage of codebase pulled from open source Why is it important to scan open source libraries? For our State of Software Security: Open Source Edition report, we analyzed the security of open source libraries in 85,000 applications and found that 71 percent have a flaw. The most common open source flaws identified include Cross-Site Scripting, insecure deserialization, and broken access control. By not scanning open source libraries, these flaws remain vulnerable to a cyberattack. ツ?ツ?ツ? Equifax made headlines by not scanning its open source libraries. In 2017, Equifax suffered a massive data breach from Apache Struts which compromised the data ??? including social security numbers ??? 
of more than 143 million Americans. Following the breach, Equifax's stock fell over 13 percent. The unfortunate reality is that if Equifax had performed AppSec scans on its open source libraries and patched the vulnerability, the breach could have been avoided. Why aren't more organizations scanning open source libraries? If 96 percent of organizations use open source libraries and 71 percent of applications have a third-party vulnerability, why is it that less than 50 percent of organizations scan their open source libraries? The main reason is that when application developers add third-party libraries to their codebase, they expect that library developers have scanned the code for vulnerabilities. Unfortunately, you can't rely on library developers to keep your application safe. Approximately 42 percent of the third-party code pulled directly by an application developer has a flaw on first scan. And even if the third-party code appears to be free of flaws, more than 47 percent of third-party code has a transitive flaw that's pulled indirectly from another library in use. Transitive and direct open source vulnerabilities What are your options for managing library security flaws? First off, it's important to note that most flaws in open source libraries are easy to fix. Close to 74 percent of the flaws can be fixed with an update like a revision or patch. Even high priority flaws are easy to fix: close to 91 percent can be fixed with an update.
patching open source flaws So, when it comes to managing your library security flaws, the concentration should not just be, "How 2020-10-01T14:10:28+00:00 https://www.veracode.com/blog/intro-appsec/96-organizations-use-open-source-libraries-less-50-manage-their-library-security www.secnews.physaphae.fr/article.php?IdArticle=2103312 False Data Breach,Tool,Vulnerability Equifax None The Last Watchdog - Byron V Acohido's Security Blog Q&A: Accedian's Michael Rezek on using 'Network Traffic Analysis' to defend hybrid networks Equifax or Capital One. Related: Why cybersecurity should reflect 2020-03-26T14:54:41+00:00 https://www.lastwatchdog.com/qa-accedians-michael-rezek-on-using-network-traffic-analysis-to-defend-hybrid-networks/ www.secnews.physaphae.fr/article.php?IdArticle=1620889 False None Equifax None Malwarebytes Labs - MalwarebytesLabs A week in security (February 10 – 16) A roundup of the previous week's security news, including Malwarebytes' release of the 2020 State of Malware Report, online dating woes, Emotet infection vectors, ransomware attacks, and more. Categories: A week in security
2020-02-18T16:40:45+00:00 https://blog.malwarebytes.com/a-week-in-security/2020/02/a-week-in-security-february-10-16/ www.secnews.physaphae.fr/article.php?IdArticle=1549609 False Ransomware,Malware Equifax None Wired Threat Level - Security News China's Hacking Spree Will Have a Decades-Long Fallout 2020-02-11T19:58:27+00:00 https://www.wired.com/story/china-equifax-anthem-marriott-opm-hacks-data www.secnews.physaphae.fr/article.php?IdArticle=1536026 False None Equifax 5.0000000000000000 Graham Cluley - Blog Security China denies it was behind the Equifax hack, as four men charged for data breach 2020-02-11T15:52:00+00:00 https://www.grahamcluley.com/china-denies-it-was-behind-the-equifax-hack-as-four-men-charged-for-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1535714 False Data Breach,Hack Equifax None InformationSecurityBuzzNews - Security News Site Chinese Government Hackers Implicated In Equifax Breach: What You Need To Know 2020-02-11T15:16:59+00:00 https://www.informationsecuritybuzz.com/expert-comments/chinese-government-hackers-implicated-in-equifax-breach-what-you-need-to-know/ www.secnews.physaphae.fr/article.php?IdArticle=1535683 False None Equifax None InformationSecurityBuzzNews - Security News Site CEO Comments On US Charges Four Chinese Military Officers Over Equifax Breach 2020-02-11T12:22:31+00:00 https://www.informationsecuritybuzz.com/expert-comments/ceo-comments-on-us-charges-four-chinese-military-officers-over-equifax-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1535377 False None Equifax None 01net.
News - Security - French Magazine The United States indicts Chinese agents for one of the biggest hacks in history 2020-02-11T11:24:16+00:00 https://www.01net.com/actualites/les-etats-unis-inculpent-des-agents-chinois-pour-l-un-des-plus-gros-piratages-de-l-histoire-1855961.html www.secnews.physaphae.fr/article.php?IdArticle=1535140 False Hack Equifax None IT Security Guru - Security Blog Chinese Military charged by U.S. for Equifax Breach 2020-02-11T11:07:39+00:00 https://www.itsecurityguru.org/2020/02/11/chinese-military-charged-by-u-s-for-equifax-breach/?utm_source=rss&utm_medium=rss&utm_campaign=chinese-military-charged-by-u-s-for-equifax-breach www.secnews.physaphae.fr/article.php?IdArticle=1535278 True None Equifax None Krebs on Security - American Researcher U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack 2020-02-11T03:25:52+00:00 https://krebsonsecurity.com/2020/02/u-s-charges-4-chinese-military-officers-in-2017-equifax-hack/ www.secnews.physaphae.fr/article.php?IdArticle=1534680 True Hack Equifax None Security Affairs - Security Blog Chinese Military personnel charged with hacking into credit reporting agency Equifax 2020-02-10T22:46:29+00:00 https://securityaffairs.co/wordpress/97615/cyber-warfare-2/equifax-doj-charges-chinese-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=1534362 False None Equifax None Wired Threat Level - Security News How 4 Chinese Hackers Allegedly Took Down Equifax 2020-02-10T17:52:32+00:00 https://www.wired.com/story/equifax-hack-china www.secnews.physaphae.fr/article.php?IdArticle=1533996 False Hack Equifax None BBC - BBC News - Technology Equifax: US charges four Chinese military officers over huge hack 2020-02-10T17:00:03+00:00 https://www.bbc.co.uk/news/world-us-canada-51449778 www.secnews.physaphae.fr/article.php?IdArticle=1533954 False Hack Equifax None ZD Net - Info Magazine DOJ charges four Chinese military hackers for Equifax hack 2020-02-10T15:19:00+00:00
https://www.zdnet.com/article/doj-charges-four-chinese-military-hackers-for-equifax-hack/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1533764 False Hack Equifax None Bleeping Computer - American Magazine U.S. Charges Chinese Military Hackers for Equifax Breach 2020-02-10T13:09:19+00:00 https://www.bleepingcomputer.com/news/security/us-charges-chinese-mlitary-hackers-for-equifax-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1534098 False None Equifax None Bleeping Computer - American Magazine U.S. Charges Chinese Military Hackers for Equifax Breach 2020-02-10T13:09:19+00:00 https://www.bleepingcomputer.com/news/security/us-charges-chinese-military-hackers-for-equifax-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1534466 True None Equifax None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach 2020-02-10T07:57:01+00:00 http://feedproxy.google.com/~r/TheHackersNews/~3/3bn3pKfuKMM/equifax-chinese-military-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=1533847 False Data Breach Equifax None Dark Reading - Informationweek Branch 2017 Data Breach Will Cost Equifax at Least $1.38 Billion 2020-01-15T18:00:00+00:00 https://www.darkreading.com/attacks-breaches/2017-data-breach-will-cost-equifax-at-least-$138-billion-/d/d-id/1336815?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1501538 False Data Breach Equifax None UnderNews - French "hacker" news site The Equifax security flaw ranked as the top network attack WatchGuard Q3 2019 report: the vulnerability behind the Equifax breach is still widely used; 50% of detected attacks are "zero-day".
WatchGuard's latest Internet security report also reveals a significant increase in malware and other network attacks, with so-called "Zero Day" malware accounting for 50% of all detected attacks. 2019-12-17T13:40:21+00:00 https://www.undernews.fr/hacking-hacktivisme/la-faille-de-securite-dequifax-classee-principale-attaque-reseau.html www.secnews.physaphae.fr/article.php?IdArticle=1493932 False None Equifax None Bleeping Computer - American Magazine Active Duty U.S. Military Now Gets Free Credit Monitoring 2019-10-31T17:29:24+00:00 https://www.bleepingcomputer.com/news/security/active-duty-us-military-now-gets-free-credit-monitoring/ www.secnews.physaphae.fr/article.php?IdArticle=1437400 False None Equifax None IT Security Guru - Security Blog 10 percent of small businesses to impacted by Data breach 2019-10-30T09:51:54+00:00 https://www.itsecurityguru.org/2019/10/30/10-percent-of-small-businesses-to-impacted-by-data-breach/?utm_source=rss&utm_medium=rss&utm_campaign=10-percent-of-small-businesses-to-impacted-by-data-breach www.secnews.physaphae.fr/article.php?IdArticle=1434671 False Data Breach Equifax None Malwarebytes Labs - MalwarebytesLabs Stalkerware developer dealt new blow by FTC A new government front has emerged against stalkerware: the US Federal Trade Commission. Following enforcement against Retina-X and its founder, what's next? Categories: Stalkerware 2019-10-29T15:56:37+00:00 https://blog.malwarebytes.com/stalkerware/2019/10/stalkerware-developer-dealt-new-blow-by-ftc/ www.secnews.physaphae.fr/article.php?IdArticle=1433405 False None Uber,Equifax None AlienVault Blog - AlienVault is a major defense player in IOCs Was the largest breach in history a misconfiguration problem? fascinating interview with the former Chief Information Officer of Equifax, Graeme Payne.
If you are unfamiliar with Graeme, he was the scapegoat for the Equifax breach; described in Congressional testimony as “the human error” that caused the breach. Graeme, however, is a true gentleman who is very gracious about his situation. He explained that the servers that were breached were “under his watch”, so it makes sense that he was the person who was ultimately held responsible for the breach. In Graeme’s recently published book, The New Era of Cybersecurity Breaches, Graeme describes the events of the Equifax breach and offers practical steps to secure a company from the same fate that was suffered by Equifax. The only reason I have not yet read the book is because I did not know it existed. Now, it is on my wish list, and, if the description lives up to the book contents, I anticipate an excellent read! One item that struck me as peculiar during Graeme’s interview was that he stated, contrary to all the reports about the breach, that the breached server was patched against the Apache Struts vulnerability. To be clear, all of the news reports indicated that Equifax received notice of the vulnerability and the available patch, yet did nothing to prevent it. I asked the following question: Didn’t you scan the servers after the patches were applied? (It is excellent that BrightTalk offers interactive webcasts like this.) Graeme responded that they scanned the servers for vulnerabilities, and the patch was reported as successfully applied to the server. How is that possible? A further discussion ensued, in which the importance of authenticated versus unauthenticated scans was mentioned. It even drifted into the idea that a company should use two different scanners! We are not all the size of an Equifax corporation. Running two scanners is simply unmanageable for many medium-sized enterprises. I posted a follow-up question: How did the vendor of the vulnerability scanner respond once the breach occurred? Unfortunately, Graeme was not at liberty to discuss that.
(If you are unfamiliar with the legal system, it probably means that the terms of his dismissal are confidential, and he cannot discuss various topics, such as any impending action against a vendor.) Whatever the vendor’s response, it doesn’t matter. What matters is that the largest breach in history (to date) may not have been the result of human error or negligence. It may have been just another case of a misconfiguration problem, this time with a vulnerability scanner. Given the recent breaches that have involved cloud misconfigurations, it is important to remember that these problems can still exist within the cozy confines of an organization. Graeme seems to be doing fine in his new existence, not as a scapegoat, but as a Phoenix. I empathize with how he was treated, and I am confident that I speak for all the security community by saying, we wish him well. 2019-10-29T13:00:00+00:00 https://feeds.feedblitz.com/~/608389106/0/alienvault-blogs~Was-the-largest-breach-in-history-a-misconfiguration-problem www.secnews.physaphae.fr/article.php?IdArticle=1432924 False Vulnerability Equifax None InformationSecurityBuzzNews - Security News Site COMMENT: Equifax Used Default 'Admin' User Name And Password To Secure Hacked Portal 2019-10-22T13:39:47+00:00 https://www.informationsecuritybuzz.com/expert-comments/comment-equifax-used-default-admin-user-name-and-password-to-secure-hacked-portal/ www.secnews.physaphae.fr/article.php?IdArticle=1419806 False Data Breach Equifax None CSO - CSO Daily Dashboard Equifax data breach FAQ: What happened, who was affected, what was the impact?
2019-10-14T03:00:00+00:00 https://www.csoonline.com/article/3444488/equifax-data-breach-faq-what-happened-who-was-affected-what-was-the-impact.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1402160 False Data Breach Equifax None The Last Watchdog - Byron V Acohido's Security Blog NEW TECH: How 'cryptographic splitting' bakes-in security at a 'protect-the-data-itself' level 2019-09-23T08:46:59+00:00 https://www.lastwatchdog.com/new-tech-how-cryptographic-splitting-bakes-in-security-at-a-protect-the-data-itself-level/ www.secnews.physaphae.fr/article.php?IdArticle=1355563 False Data Breach Uber,Equifax,Yahoo None SecurityWeek - Security News 200,000 Sign Petition Against Equifax Data Breach Settlement 2019-09-20T15:43:55+00:00 http://feedproxy.google.com/~r/Securityweek/~3/_585AIyGv0E/200000-sign-petition-against-equifax-data-breach-settlement www.secnews.physaphae.fr/article.php?IdArticle=1353790 False Data Breach Equifax None Wired Threat Level - Security News Don't Get Screwed Out of Your Equifax Settlement Money 2019-09-09T21:25:03+00:00 https://www.wired.com/story/equifax-settlement-money-email-get-paid www.secnews.physaphae.fr/article.php?IdArticle=1316319 False None Equifax None IT Security Guru - Security Blog Breach costs increasing due to rising Fines. 2019-09-05T13:22:05+00:00 https://www.itsecurityguru.org/2019/09/05/breach-costs-increasing-due-to-rising-fines/ www.secnews.physaphae.fr/article.php?IdArticle=1307730 True None Equifax None ZD Net - Info Magazine UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks 2019-08-22T13:13:01+00:00 https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1278580 False None Wannacry,Equifax None SecurityWeek - Security News ID Theft Stings, But it's Hard to Pin on Specific Data Hacks Equifax 2017. Marriott 2018. Capital One 2019.
2019-08-05T16:25:04+00:00 https://www.securityweek.com/id-theft-stings-its-hard-pin-specific-data-hacks www.secnews.physaphae.fr/article.php?IdArticle=1248573 False Data Breach Equifax None Malwarebytes Labs - MalwarebytesLabs A week in security (July 29 – August 4) A roundup of security news from July 29 - August 4, including the Capital One breach, Lord Exploit Kit, more Magecart skimming, ATM attacks, QR code scams, and the Equifax payout. Categories: Malwarebytes news 2019-08-05T15:44:03+00:00 https://blog.malwarebytes.com/malwarebytes-news/2019/08/a-week-in-security-july-29-august-4/ www.secnews.physaphae.fr/article.php?IdArticle=1244733 False None Equifax None CSO - CSO Daily Dashboard Looking for answers at Black Hat 2019: 5 important cybersecurity issues I'll be there along with an assortment of my ESG colleagues. Here are some of the things we'll be looking for: 2019-08-05T03:00:00+00:00 https://www.csoonline.com/article/3429363/looking-for-answers-at-black-hat-2019-5-important-cybersecurity-issues.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1243949 False Threat Equifax None Malwarebytes Labs - MalwarebytesLabs Capital One breach exposes over 100 million credit card applications The Capital One data breach is an exceptional example, if only because of how much we already know. Not only that, but the breach happened to one of the technical front-runners in banking. Categories: Reports
2019-08-02T16:00:00+00:00 https://blog.malwarebytes.com/reports/2019/08/capital-one-breach-exposes-over-100-million-credit-card-applications/ www.secnews.physaphae.fr/article.php?IdArticle=1239194 False Data Breach Equifax None SecurityWeek - Security News FTC Warns Cash Option May be Small for Equifax Settlement 2019-08-01T15:20:05+00:00 https://www.securityweek.com/ftc-warns-cash-option-may-be-small-equifax-settlement www.secnews.physaphae.fr/article.php?IdArticle=1239273 False Data Breach Equifax None ZD Net - Info Magazine FTC: Too many people signed up for Equifax cash, so they'll be getting less than $125 2019-08-01T10:42:01+00:00 https://www.zdnet.com/article/ftc-too-many-people-signed-up-for-equifax-cash-so-theyll-be-getting-less-than-125/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1236577 False None Equifax None Wired Threat Level - Security News You'll Get Your Equifax Money. It Just Might Take a While 2019-08-01T00:37:02+00:00 https://www.wired.com/story/equifax-settlement-money-will-get www.secnews.physaphae.fr/article.php?IdArticle=1235993 False None Equifax None Bleeping Computer - American Magazine FTC Tells Equifax Victims to Opt for Credit Monitoring Over $125 2019-07-31T19:31:02+00:00 https://www.bleepingcomputer.com/news/security/ftc-tells-equifax-victims-to-opt-for-credit-monitoring-over-125/ www.secnews.physaphae.fr/article.php?IdArticle=1235920 False Data Breach Equifax None Network World - Info Magazine The latest large-scale data breach: Capital One | TECH(feed) 2019-07-31T10:33:00+00:00 https://www.networkworld.com/video/97107/the-latest-large-scale-data-breach-capital-one-tech-feed#tk.rss_security www.secnews.physaphae.fr/article.php?IdArticle=1237671 False None Equifax None CSO - CSO Daily Dashboard IDG Contributor Network: Is the cloud lulling us into security complacency? The CapitalOne breach has certainly made lots of headlines in less than a day since the story broke.
And sadly, it has already thrust the $700M settlement that was reached for the largest ever data breach – the Equifax one – onto the sidelines just days after the news of that settlement broke. But going back to CapitalOne, there are certainly lots of lessons to be learned there. I want to focus on where CapitalOne's data centers were and what that means for the rest of the planet from a security perspective. CapitalOne has been one of the most vocal AWS customers. They have appeared at numerous AWS events and touted how they have completely shuttered all their data centers and run exclusively on Amazon. And to be fair, they have also shared their best practices and use of AWS services. 2019-07-31T05:55:00+00:00 https://www.csoonline.com/article/3412006/is-the-cloud-lulling-us-into-security-complacency.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1235036 False Data Breach Equifax None Malwarebytes Labs - MalwarebytesLabs How to get your Equifax money and stay safe doing it Equifax has been ordered to pay at least $650 million in relation to its enormous 2017 data breach. Users who were affected might be eligible for a claim. But watch out for scams! Categories: Awareness
2019-07-30T15:00:00+00:00 https://blog.malwarebytes.com/awareness/2019/07/how-to-get-your-equifax-money-and-stay-safe/ www.secnews.physaphae.fr/article.php?IdArticle=1233560 False None Equifax None Wired Threat Level - Security News SpaceX's Starship Rocket Test, Equifax Owes You, and More News 2019-07-26T20:43:03+00:00 https://www.wired.com/story/spacex-rocket-test-starhopper-equifax-settlement-money www.secnews.physaphae.fr/article.php?IdArticle=1225772 False None Equifax None Wired Threat Level - Security News How to Get Your Equifax Settlement Money 2019-07-26T17:09:00+00:00 https://www.wired.com/story/how-to-get-equifax-settlement-money www.secnews.physaphae.fr/article.php?IdArticle=1225440 False None Equifax None CSO - CSO Daily Dashboard The biggest data breach fines, penalties and settlements so far Here's where the money goes. 2019-07-26T03:00:00+00:00 https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1224662 False Data Breach Equifax None CSO - CSO Daily Dashboard Equifax's billion-dollar data breach disaster: Will it change executive attitudes toward security?
2019-07-24T04:38:00+00:00 https://www.csoonline.com/article/3411139/equifax-s-billion-dollar-data-breach-disaster-will-it-change-executive-attitudes-toward-security.html#tk.rss_all www.secnews.physaphae.fr/article.php?IdArticle=1221143 False Data Breach Equifax None InformationSecurityBuzzNews - Security News Site Experts Commentary On Equifax Settlement 2019-07-23T17:26:01+00:00 https://www.informationsecuritybuzz.com/expert-comments/experts-commentary-on-equifax-settlement/ www.secnews.physaphae.fr/article.php?IdArticle=1220104 False Data Breach Equifax None The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Equifax to Pay up to $700 Million in 2017 Data Breach Settlement 2019-07-23T00:55:00+00:00 https://thehackernews.com/2019/07/equifax-data-breach-fine.html www.secnews.physaphae.fr/article.php?IdArticle=1219933 False Data Breach Equifax None Wired Threat Level - Security News $700 Million Equifax Fine Is Still Too Little, Too Late 2019-07-22T19:58:00+00:00 https://www.wired.com/story/equifax-fine-not-enough www.secnews.physaphae.fr/article.php?IdArticle=1220126 False None Equifax None Graham Cluley - Blog Security 700 million reasons for Equifax to remember to patch its vulnerable IT systems in future 2019-07-22T19:56:03+00:00 https://www.grahamcluley.com/700-million-reasons-for-equifax-to-remember-to-patch-its-vulnerable-it-systems-in-future/ www.secnews.physaphae.fr/article.php?IdArticle=1219985 False None Equifax None Krebs on Security - American Researcher What You Should Know About the Equifax Data Breach Settlement 2019-07-22T19:27:01+00:00 https://krebsonsecurity.com/2019/07/what-you-should-know-about-the-equifax-data-breach-settlement/ www.secnews.physaphae.fr/article.php?IdArticle=1220036 False Data Breach Equifax None Dark Reading - Informationweek Branch Equifax to Pay Up to $700mn for Data Breach Damages 2019-07-22T18:23:00+00:00
https://www.darkreading.com/attacks-breaches/equifax-to-pay-up-to-$700mn-for-data-breach-damages/d/d-id/1335315?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple www.secnews.physaphae.fr/article.php?IdArticle=1220068 False Data Breach Equifax None ZD Net - Info Magazine Equifax, regulators sign $700m deal to settle data breach lawsuits 2019-07-22T14:31:00+00:00 https://www.zdnet.com/article/equifax-regulators-sign-700m-deal-to-settle-data-breach-lawsuits/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1219845 True Data Breach Equifax None Security Affairs - Security Blog WSJ says Equifax to Pay $700 million settlement for 2017 breach 2019-07-22T13:21:05+00:00 https://securityaffairs.co/wordpress/88759/breaking-news/equifax-700m-settlement.html www.secnews.physaphae.fr/article.php?IdArticle=1219622 False None Equifax None SecurityWeek - Security News Equifax to Pay up to $700 Million to Consumers, Authorities Over 2017 Breach 2017 data breach that impacted roughly 147 million people. 2019-07-22T13:16:00+00:00 https://www.securityweek.com/equifax-pay-700-million-consumers-authorities-over-2017-breach www.secnews.physaphae.fr/article.php?IdArticle=1220627 False None Equifax None BBC - BBC News - Technology Equifax to pay up to $700m to settle data breach 2019-07-22T11:21:04+00:00 https://www.bbc.co.uk/news/technology-49070596 www.secnews.physaphae.fr/article.php?IdArticle=1219420 False Data Breach Equifax None ZD Net - Info Magazine Equifax, regulators close to signing $700m deal to settle data breach lawsuits 2019-07-22T08:06:05+00:00 https://www.zdnet.com/article/equifax-regulators-close-to-signing-700m-deal-to-settle-data-breach-case/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1219367 False Data Breach Equifax None Malwarebytes Labs - MalwarebytesLabs A week in security (July 1 – 7) A roundup of cybersecurity news from July 1-7, including stalkerware, Bitcoin generators, app permissions, Chinese spyware, some giant leaks, and a new malware
attack method. Categories: A week in security 2019-07-08T15:08:03+00:00 https://blog.malwarebytes.com/a-week-in-security/2019/07/a-week-in-security-july-1-7/ www.secnews.physaphae.fr/article.php?IdArticle=1193695 False Malware Equifax None Graham Cluley - Blog Security Ex-Equifax CIO, who knew about huge data breach, jailed for insider trading 2019-07-01T16:15:00+00:00 https://www.grahamcluley.com/ex-equifax-cio-who-knew-about-huge-data-breach-jailed-for-insider-trading/ www.secnews.physaphae.fr/article.php?IdArticle=1181727 False None Equifax None We Live Security - ESET Antivirus Software Publisher Ex-Equifax executive sent to jail for insider trading after breach “Sounds bad”, the former Equifax CIO wrote in a text after learning of the breach that ended up affecting almost half the US population 2019-07-01T16:00:02+00:00 https://www.welivesecurity.com/2019/07/01/equifax-executive-jail-insider-trading/ www.secnews.physaphae.fr/article.php?IdArticle=1181718 False None Equifax None ZD Net - Info Magazine Former Equifax executive sent behind bars for insider trades, profiting on data breach 2019-07-01T11:30:03+00:00 https://www.zdnet.com/article/former-equifax-executive-sent-behind-bars-for-insider-trading-after-data-breach/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1181356 False Data Breach Equifax None SecurityWeek - Security News Former Equifax Executive Gets 4 Months for Insider Trading sold stock a week and a half before the company announced a massive data breach was sentenced Thursday to serve four months in federal prison for insider trading.
2019-06-28T04:58:04+00:00 https://www.securityweek.com/former-equifax-executive-gets-4-months-insider-trading www.secnews.physaphae.fr/article.php?IdArticle=1179009 False Data Breach Equifax None SecurityWeek - Security News Federal Agencies Still Using Knowledge-Based Identity Verification 2019-06-17T14:19:00+00:00 https://www.securityweek.com/federal-agencies-still-using-knowledge-based-identity-verification www.secnews.physaphae.fr/article.php?IdArticle=1161178 False None Equifax None ZD Net - Info Magazine Equifax breach impacted the online ID verification process at many US govt agencies 2019-06-17T10:31:00+00:00 https://www.zdnet.com/article/equifax-breach-impacted-the-online-id-verification-process-at-many-us-govt-agencies/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1160082 False None Equifax None We Live Security - ESET Antivirus Software Publisher Equifax stripped of 'stable' outlook over 2017 breach 2019-05-28T14:50:02+00:00 https://www.welivesecurity.com/2019/05/28/equifax-negative-rating-outlook-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1129417 False None Equifax None InformationSecurityBuzzNews - Security News Site Downgrade Of Equifax By Moody's Due To Cyber Breach 2019-05-28T11:30:05+00:00 https://www.informationsecuritybuzz.com/expert-comments/downgrade-of-equifax-by-moodys-due-to-cyber-breach/ www.secnews.physaphae.fr/article.php?IdArticle=1129064 False None Equifax None ZD Net - Info Magazine Equifax rating outlook decimated over cybersecurity breach 2019-05-24T09:12:01+00:00 https://www.zdnet.com/article/equifax-rated-outlook-decimated-over-cybersecurity-breach/#ftag=RSSbaffb68 www.secnews.physaphae.fr/article.php?IdArticle=1122928 False None Equifax None SecurityWeek - Security News Moody's Downgrades Equifax Outlook to Negative Over 2017 Data Breach 2019-05-23T12:04:01+00:00
https://www.securityweek.com/moodys-downgrades-equifax-outlook-negative-over-2017-data-breach www.secnews.physaphae.fr/article.php?IdArticle=1122023 False Data Breach Equifax None AlienVault Blog - AlienVault is a major defense player in IOCs Critical Cyber Security features that your business needs to survive Recent statistics show that 60% of businesses that are forced to suspend operations after a cyber-attack are never able to reopen for business. This is largely due to revenue lost to downtime as well as damage to the company’s reputation. The good news is that most of these threats can be mitigated with reliable cybersecurity. When it comes to cyberattacks, time is of the essence. Businesses should install systems that enable them to detect potential threats and respond in a timely manner. One of the recommended solutions is a combination of services and products from AT&T Cybersecurity, which provides edge-to-edge protection to enable businesses to stay ahead of threats. Data Breach Prevention Data breaches happen when cyber criminals successfully attack systems that hold sensitive information. In the case of businesses, this may include crucial information such as employee and customer records. The exfiltration of such data outside organizational boundaries can lead to costly fines and massive monetary losses. This is evident in the fining of Equifax after it experienced a breach that exposed data belonging to 146 million people. However, businesses can employ standard security software such as antivirus and intrusion detection systems to defend against data leakage by monitoring sensitive files and data transfers. Phishing prevention Phishing involves the use of digital messages by cyber criminals to steal credit card information, user logins and other types of sensitive data. Cases of phishing attacks have been on the rise, and any business on the web can be targeted.
As more businesses become aware of the risks posed by suspicious emails and links, hackers have upped the ante by using machine learning to distribute malicious messages aimed at weakly defended businesses. Sensitive data can also be compromised by third parties, such as partners and contractors. Businesses should employ effective strategies for selecting partners and contractors so as to reduce the security risks they pose. Employee training, installation of security systems and keeping all software updated are essential methods that greatly reduce phishing attacks. Ransomware prevention & detection For many businesses around the world, ransomware can be a nightmare. The average ransomware attack costs a company a whopping $133,000. Cyber criminals use malicious software to encrypt a victim’s data and then demand a ransom to decrypt it. Paying these ransoms doesn’t always guarantee access, since criminals cannot be trusted, so businesses should take measures to avoid such situations. These measures include using updated security software, having a good backup and restore plan, and training employees on how to recognize emails that may carry ransomware. The importance of cybersecurity cannot be stressed enough. Companies have been reduced to rubble because of inadequate security of their systems.
Cyber criminals are ]]> 2019-05-15T13:00:00+00:00 https://feeds.feedblitz.com/~/602730048/0/alienvault-blogs~Critical-Cyber-Security-features-that-your-business-needs-to-survive www.secnews.physaphae.fr/article.php?IdArticle=1140183 False Ransomware,Guideline Equifax 4.0000000000000000 Data Security Breach - Site de news Francais Equifax : le pirate à plus de 1,4 milliard de perte 2019-05-12T16:08:00+00:00 https://www.datasecuritybreach.fr/equifax-le-pirate-a-plus-de-14-milliard-de-perte/ www.secnews.physaphae.fr/article.php?IdArticle=1104143 False None APT 15,Equifax None Security Affairs - Blog Secu Security breach suffered by credit bureau Equifax has cost $1.4 Billion 2019-05-12T13:27:02+00:00 https://securityaffairs.co/wordpress/85379/security/equifax-data-breach-cost.html www.secnews.physaphae.fr/article.php?IdArticle=1104015 False None Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Things I hearted this week 12th April 2019 A Beginner's Guide to Test Automation | Sticky Minds All roads lead to exploratory testing When I’m faced with something to test – be it a feature in a software application or a collection of features in a release, my general preference is weighted strongly towards exploratory testing. When someone who doesn’t know a great deal about testing wants me or my team to do testing for them, I would love to educate them on why exploratory testing could be a strong part of the test strategy. All roads lead to exploratory testing | Womentesters While on the topic of testing Testing Behaviours — Writing A Good Gherkin Script | Medium, Jo Mahadevan Single-page, server-side, static… say what? An emoji-filled learning journey about the trade-offs of different website architectures, complete with gifs, diagrams, and demo apps. 
If you’ve been hanging around the internet, trying to build websites and apps, you may have heard some words in conversation like static site or server-side rendered (SSR) or single-page app (SPA). But what do all of these words mean? How does each type of application architecture differ? What are the tradeoffs of each approach and which one should you use when building your website? Single-Page, Server-Side, Static… say what? | Marie Chatfield If, like me you enjoyed this post by Marie, check out some of her other posts which are great. Quick plug to Protocol-andia: Welcome to the Networking Neighborhood. A whimsical introduction to how computers talk to each other, and what exactly your requests are up to. Strengthen your security posture: start with a cybersecurity framework The 2017 Equifax data breach is expected to break all previous records for data breach costs, with Larry Ponemon, chairman of the Ponemon Institute, estimating the final cost to be more than $600 million. Even non-enterprise-level organizations suffer severe consequences for data breaches. According to the National Cyber Security Alliance, mid-market companies pay more than $1 million in post-attack mitigation, and the average cost of a data breach to an SMB is $117,000 per incident. While estimates vary, approximately 60% of businesses who suffer a breach are forced to shut down business within 6 months. 
It is mor]]> 2019-04-12T13:00:00+00:00 https://feeds.feedblitz.com/~/600760182/0/alienvault-blogs~Things-I-hearted-this-week-th-April www.secnews.physaphae.fr/article.php?IdArticle=1093204 False Guideline,Prediction APT 39,Equifax None AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC Information on open source vulnerabilities is as distributed as the community Known security vulnerabilities: hidden in plain sight While there are always going to be those exploits kicking around in the darker corners of the hackerverse and require an effective threat intelligence solution, the vast majority of vulnerabilities for both commercial and open source products end up on security advisories like the National Vulnerability Database (NVD), the popular U.S. government-backed database that analyzes reported software vulnerabilities (CVE’s). For years now, we have been seeing a moderate yet steady climb in the number of software vulnerabilities (CVEs) being reported. However, the count for 2017 more than doubled the previous year’s number, spiking from 6,447 to 14,714 CVEs in the books. Hardly a fluke - 2018 recorded 16,555 vulnerabilities. I have theorized on why we are seeing more of these vulnerabilities coming to light, due in part to bug bounties and corporate sponsorship for research into open source security efforts. Frankly, more money being thrown at the problem is helping to play a positive role in making software safer, but it only tells a part of the story. Where do software security vulnerabilities go once they are discovered? While the NVD is generally considered to be the authoritative listing for vulnerabilities and is where many security folk and developers go to search for known vulnerabilities, their details, and their fixes. Not all, but most known vulnerabilities can be found there, and that’s the good news. 
The bad news is that the information pertaining to these vulnerabilities is spread out across multiple sources, making the job of keeping track of them considerably more difficult. Not every vulnerability makes its way directly to the NVD through the standard CVE route. Vulnerabilities reach the CVE, another U.S.-government-backed organization run by the non-profit MITRE Corporation, through reports from security researchers, project maintainers, or companies in the case of commercial software. When a vulnerability is discovered by a researcher, the common practice is to notify the vendor or project maintainer and then reach out to the CVE to reserve an identification number. Information about what has been found to be vulnerable and how to exploit it is withheld during a grace period, (typically 60-90 days) which is meant to allow the product/project’s team time to develop a fix for the vulnerability.  Vulnerabilities reported for commercial products like Microsoft’s Win]]> 2019-04-02T13:00:00+00:00 https://feeds.feedblitz.com/~/600253258/0/alienvault-blogs~Information-on-open-source-vulnerabilities-is-as-distributed-as-the-community www.secnews.physaphae.fr/article.php?IdArticle=1087356 False None Equifax None