Congress rips ex-Equifax CEO over breach: ‘I don’t think we can pass a law that … fixes stupid’

Lawmakers shamed former Equifax CEO Richard Smith Tuesday over the company’s humongous data breach, scolding him over everything from allowing the breach to happen to the long list of issues that stemmed from the company’s public response. Smith took questioning from the House Energy and Commerce’s Subcommittee on Digital Commerce and Consumer Protection, the first of three breach-related hearings scheduled for this week. While the panel lambasted him for the company’s actions, Smith offered few details outside of his prepared testimony. In an exchange with Rep. Greg Walden, R-Ore., Smith explained that the breach occurred because IT and security personnel at Equifax failed to find and patch the software vulnerability after being notified by the Department of Homeland Security. “It appears this breach happened because the company didn’t know it was running certain software on its system,” Walden said. “How does this happen when so much is at stake? I don’t think […]

The post Congress rips ex-Equifax CEO over breach: ‘I don’t think we can pass a law that … fixes stupid’ appeared first on Cyberscoop.


ICANN, Duo Security, iPhone Hacking, and Whole Foods – Hack Naked News #143

The internet isn’t ready for DNSSEC, Netgear patches away, Whole Foods is the latest victim of a credit card breach, and more. Ferruh Mavituna and Sven Morgenroth of Netsparker join us to discuss the Apache Struts vulnerability and the Equifax breach on this episode of Hack Naked News! News ICANN Postpones Scheduled DNS Crypto Key […]

The post ICANN, Duo Security, iPhone Hacking, and Whole Foods – Hack Naked News #143 appeared first on Security Weekly.


FBI issues flash alert on Apache Struts vulnerability

Law enforcement is just beginning to understand the damage caused by a single, highly publicized software vulnerability that was labeled as a key reason credit reporting agency Equifax suffered a disastrous data breach earlier this year. The FBI is asking for help from the private sector to identify and track a group that recently was found to target older versions of the open source web application framework Apache Struts. The vulnerability, which was originally disclosed in March, remains present inside hundreds of corporate networks. Apache Struts is especially popular within the U.S.’s three big credit reporting agencies. More than 145 million people were affected by the Equifax breach. This call for information comes in the form of an FBI Flash alert sent Sept. 29 and obtained by CyberScoop. The flash alert, labeled “TLP:AMBER,” provides technical indicators related to a recent, unnamed corporate breach involving a hacker exploiting a remote code execution vulnerability in Apache […]

The post FBI issues flash alert on Apache Struts vulnerability appeared first on Cyberscoop.


Whoops, Turns Out 2.5 Million More Americans Were Affected By Equifax Breach

Equifax data breach was bigger than initially reported, exposing highly sensitive information of more Americans than previously revealed.

Credit rating agency Equifax says an additional 2.5 million U.S. consumers were also impacted by the massive data…

Equifax: 2.5 million more individuals impacted by hack, total rises to 145.5 million

More than 2 million more customers may be impacted by the Equifax data breach than the company’s original estimate of 143 million individuals, according to a statement from the company. The uncovered 2.5 million people bring the total number affected to 145.5 million. The news came as Equifax said the forensic investigation of the incident, conducted by the cybersecurity firm Mandiant, concluded on Sunday. There is no evidence attackers accessed databases outside of the United States, the company said in a release on Monday, but thousands of international customers’ data was accessed. Regulators in the United Kingdom are currently being briefed on the scope of the impact in that country. “I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” newly appointed interim CEO, Paulino do Rego Barros, Jr. said […]

The post Equifax: 2.5 million more individuals impacted by hack, total rises to 145.5 million appeared first on Cyberscoop.


USPS ‘Informed Delivery’ Is Stalker’s Dream

A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns.

Banking-focused phishing scheme hits inboxes in wake of Equifax breach

A group of hackers has been sending specially tailored phishing emails to online banking customers, stoking fears among an online population that is increasingly concerned with how cybercriminals could leverage the data stolen from credit monitoring giant Equifax. This specific phishing campaign, identified by U.S. technology firm Barracuda Networks, focuses on a string of recent banking-related emails that began to hit inboxes shortly after Equifax was originally breached, but several weeks before the incident was first publicly disclosed Sept. 7. The campaign remains active. Although the scheme’s timing has caught researchers’ attention, it remains unclear whether the criminal operation was directly related to the Equifax breach. Security experts have warned that the Equifax breach could lead to fraudulent credit card charges for affected individuals. As a result, it’s no surprise that hackers are actively attempting to impersonate legitimate banking companies as they communicate with clients about suspicious account activity. Barracuda […]

The post Banking-focused phishing scheme hits inboxes in wake of Equifax breach appeared first on Cyberscoop.


Amid data breach crisis, SEC head tells Congress he doesn’t know much

Securities and Exchange Commission chairman Jay Clayton told a panel of Senators on Tuesday that an investigation into his agency’s recently revealed data breach is ongoing and that he is looking to hire additional staff to help protect the agency’s network and data. Sitting before the Senate Banking, Housing and Urban Affairs Committee, Clayton fielded questions about the SEC breach as well as the Equifax breach, which occurred last month. In a lengthy written statement released last week, Clayton said that the SEC detected a breach into its EDGAR system in 2016. The database houses corporate disclosures that are not always immediately available to the public, meaning it could be used for insider trading. Clayton told the committee that the breach was made possible by a defect in a custom piece of software used by the independent regulator. While an exact timeline of the breach is unclear, a fix was pushed […]

The post Amid data breach crisis, SEC head tells Congress he doesn’t know much appeared first on Cyberscoop.
