Equifax Data Breach Details Released, More Google+ API Bugs, Supermicro Strikes Back – WB47

Watch this episode on our YouTube channel! This is your Shared Security Weekly Blaze for December 17th 2018 with your host, Tom Eston. In this week’s episode: Equifax data breach details released, more Google+ API bugs and Supermicro strikes…

Misconfigured server exposed half of Brazilian taxpayer ID numbers: report

A database containing personally identifying information of 120 million Brazilian citizens and residents was accessible on the open web for some time, according to a report published Tuesday by cybersecurity company InfoArmor. The records reportedly contained the Cadastro de Pessoas Físicas (CPF) — a counterpart to Social Security numbers — of more than half of Brazil’s population of 210 million. The unprotected CPFs were linked to people’s basic contact information, financial accounts, credit and debit history, voting history, family relations and more, InfoArmor says. The company’s researchers say they encountered the openly accessible HTTP server in March 2018 while scanning the web for compromised machines. Within the database, the file “index.html” had been renamed to “index.html_bkp,” which the report says made it visible to the public. Anyone who knew what they were looking for could have found it, InfoArmor says. While the data wasn’t discovered as part of a breach, the researchers caution […]

The post Misconfigured server exposed half of Brazilian taxpayer ID numbers: report appeared first on CyberScoop.

House panel: Equifax breach was ‘entirely preventable’

The devastating 2017 breach of credit-reporting company Equifax, which exposed data on 148 million people, was “entirely preventable” had the company applied proactive security measures, a congressional investigation has concluded. “Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,” says the report issued Monday by the House Oversight and Government Reform Committee. The committee’s 96-page report lays out why the hack, which compromised people’s names, social security numbers, addresses, credit card numbers, and other identifiers, has become a case study in failed IT leadership and software patching. A “lack of accountability and no clear lines of authority in Equifax’s IT management structure” meant key security protocols were neglected, the House panel found: Equifax allowed over 300 security certificates to expire, including 79 for monitoring “business-critical” domains. Furthermore, the company did not spot data being exfiltrated from its […]

The post House panel: Equifax breach was ‘entirely preventable’ appeared first on CyberScoop.

Massive Data Leaks Keep Happening Because Big Companies Can Afford to Lose Your Data

When criminal hackers keep breaking into big company networks to grab consumer data, the reason comes down to dollars and nonsense.

Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available

Remember how an unpatched flaw in Apache Struts caused one of the biggest data breaches in history? It could happen again, if those using Apache Struts versions 2.3.x or lower fail to replace a file-upload component with a newer version. Apache release…

UK’s Information Commissioner’s Office (ICO) Slap Fines on Facebook and Equifax

Facebook was fined £500,000 by the UK’s Information Commissioner’s Office (ICO) for its role in the Cambridge Analytica data scandal. […]

Manager who worked on Equifax’s breach website sentenced for insider trading

Sudhakar Reddy Bonthu wasn’t told he was working on Equifax’s breach notification website, but when he worked it out he used the information for his financial advantage.
Read more in my article on the Hot for Security blog.

Manager who worked on Equifax’s breach website sentenced for insider trading

In August 2017, Sudhakar Reddy Bonthu, a production development manager in Equifax’s software management team, was given a project codenamed “Sparta.” Bonthu’s bosses told him that the project was for one of the company’s c…