Equifax Archives - Cyber Security Minute

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Issued by: Dark Reading

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…

News

UK FCA Fines Equifax 11 Million Pounds for 2017 Data Breach

Issued by: DataBreach Today

A British financial regulator fined American credit reporting agency Equifax 11 billion pounds for its role in one of the world’s largest data breaches. Chinese military hackers in 2017 exploited a vulnerability in Equifax’s online dispute portal to download the personal data of nearly 14 million residents of the United Kingdom as well as approximately…

Network Security

As malware and network attacks increase in 2019, zero day malware accounts for 50% of detections

Issued by: Help Net Security

Amid significant increases in both malware and network attacks, multiple Apache Struts vulnerabilities – including one used in the devastating Equifax data breach – appeared for the first time on WatchGuard’s list of most popular network attacks in Q3 2019. Massive fallout from the Equifax breach The report also highlights a major rise in zero…

Vulnerabilities

Cardholders still dropping the ball when it comes to basic ID theft prevention

Issued by: Help Net Security

Four in 10 people with a credit or debit card have provided their full Social Security number in an online form in the past month, according to a new report from CompareCards, as Americans continue to wrestle with how best to combat identity theft two years after the Equifax data breach. For the second straight…

Malware & Threats

Could an Equifax-sized data breach happen again?

Issued by: Help Net Security

Many global financial services organizations are targeted by sophisticated cyberattackers in an attempt to steal critical data and personally-identifiable information (PII), according to Vectra. Vectra disclosed that cyberattackers build hidden tunnels to break into networks and steal information. These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as…

Network Security

Equifax, former CEO reveal more details about the devastating breach

Issued by: Help Net Security

Mandiant has concluded the forensic part of its Equifax breach investigation, and the results are as follows: 2.5 million additional US consumers were potentially impacted, bringing the total to 145.5 million The initial estimate of some 100,000 Canadian citizens being impacted was incorrect: in the end, the information of some 8,000 Canadian consumers was compromised,…

Network Security

Equifax CEO Steps Down After Massive Data Breach

Issued by: Security Week

Equifax chairman and CEO Richard Smith stepped down Tuesday, just weeks after the company disclosed a massive data breach that exposed more than 143 million U.S. individuals. Paulino do Rego Barros, Jr., who most recently served as President, Asia Pacific, and is a seven-year veteran of the company, has been appointed as interim Chief Executive Officer. The…

Malware & Threats

Equifax Sent Breach Victims to Fake Website

Issued by: Security Week

Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency…

Vulnerabilities

Equifax attackers got in through an Apache Struts flaw?

Issued by: Help Net Security

Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to compromise the company’s networks? Equifax has yet to share more details about how the attack was pulled off, but a report by financial services firm Robert W. Baird & Co….