Tag Archives: Equifax

Security Never Sleeps- Equifax Breach, DU Data Siphon

Equifax Discloses Earlier Cybersecurity Incident, But No Details

“March breach is still shaded with uncertainty”

Equifax Inc. hired cybersecurity experts to deal with an incident on its corporate networks in March, two months before the massive hack began that it has said led to the potential compromise of personal data belonging to 143 million U.S. consumers.

Infrared signals in surveillance cameras let malware jump network air gaps

“Many networks disconnected as precaution”

Researchers have been successful in creating malware that can jump airgaps by using the infrared capabilities of an infected network’s surveillance cameras to transmit data to and from attackers. The malware prototype could be a crucial ingredient for attacks that target some of the world’s most sensitive networks that were previously thought to be safe. Militaries, energy producers, and other critical infrastructure providers frequently disconnect such networks from the Internet as a precaution.

Chinese Mobile Antivirus App Caught Siphoning User Data

“Secret data theft”

Google has removed, and then reinstated, one of the most popular mobile antivirus apps on the Play Store. The move was taken after security firm Check Point discovered that DU Antivirus Security, created by the DU Group, was secretly collecting device data from users’ smartphones. Over 10 million downloads occurred without proper security precautions.

Enterprise IT security planning: Five ways to build a better strategy

“Helpful tips for a competent defense”

Those buzzwords recommended for building a successful digital business, such as flexibility, agility and openness, don’t always fit nicely with more sober requirements like the needs of a corporate security policy. So, how can IT leaders create an approach to information security that is fit for the modern business? ZDNet speaks to five experts about the key issues CIOs face.

  1. Make cybersecurity your number one priority
  2. Understand the importance of making a commitment
  3. Embed a culture of risk management across the business
  4. Apply measures that are fit for the open world
  5. Create a long-term strategy for system integrity

Enjoy your read? Check out our other content here.

Security Never Sleeps- BitGlass Talks Infosec, Equifax Failure

OurMine hacks video hosting service Vevo; leaks 3.12TB data online

“White hat hacking group strikes again”

The self proclaimed White Hat Hacking group OurMine is back in the news and this time it has targeted Vevo and released nearly 3.12TB of its internal data online. According to analysis, some of the documents released online are of sensitive nature.

Rich Campagna, CEO of 10Fold client Bitglass has commented on situations likes this before, saying that: “Acquiring credentials to access sensitive data is increasingly easy and incredibly lucrative for today’s hackers. The ease with which credentials can be compromised starts with risky behavior among users. Many end-users, for example, have a habit of recycling passwords across corporate and personal accounts, including personal social media, banking, and corporate email. This practice poses a risk to all data accessible to that user.”


“Over a week of failures has taken its toll”

Incompetence, failures, and general shady behavior in responding to its massive data breach from Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. It didn’t.

Northern Exposure: Data on 600K Alaskan Voters is Leaked

“Personal details leaked”

Researchers at Kromtech Security Center have discovered the personal details of over half a million US voters exposed to the public internet, once again thanks to a misconfigured database. It was a CouchDB database of 593,328 Alaskan voter records including names, addresses, dates of birth, voting preferences, household income and much more. The data in question is part of Voterbase; a larger trove of info on 191 million voters and 58m unregistered US voters managed by a TargetSmart.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Equifax Hack, Google Play Malware

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers

“More details on the major hack”

In an update posted to its security breach website, Equifax announced that hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. At the time it was discovered, in March 2017, the Apache Struts CVE-2017-5638 vulnerability was a zero-day — a term used to describe security bugs exploited by attackers but which vendors are not aware of or have a patch released. Equifax did not reveal the exact date when the security breach occurred, but only when it became aware of it — July 29, 2017. It is unclear if Equifax was breached before the Struts zero-day became public, or months after Apache made a patch available.

Attackers Can Bypass SKEL Protection in macOS High Sierra

“Malicious kernel extensions allow security evasion”

A new security feature added in macOS High Sierra (10.13) named “Secure Kernel Extension Loading” can be bypassed to allow the loading of malicious kernel extensions. Just like Linux and Windows, macOS allows applications to load third-party kernel extensions whenever they need to perform actions that require access to lower levels of the operating system.

Backdoored Plugin Impacts 200,000 WordPress Sites

“Malware updated in plugin”

Wordfence reports that around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code. Dubbed Display Widgets, the plugin was sold by its original author to a third-party developer on May 19, 2017, for $15,000. Roughly one month after that, the plugin was updated by its new owner and started displaying malicious behavior.

Google Is Fighting One Of The Biggest Ever Android Malware Outbreaks — Up To 21 Million Victims

“More malware!”

Surprising almost no one, another batch of Android malware has found its way onto Google Play. Researchers from Check Point have claimed to have found the second-biggest outbreak to ever hit Google’s platform, with as many as 21.1 million infections from one malware family.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Data Breach Protection, Bluetooth Security

Three Ways Small Businesses Can Guard Against Data Breaches

“Cybercrime ranked as more pressing than terrorism”

After the recent Equifax data breach, now is a good time for small business owners and everyone else to review account statements and credit reports to check for incidents of ID theft and illegal activity. This should be brought to the forefront of every  especially since the U.S. Director of National Intelligence ranks cybercrime as the top national security threat in 2014, according to Pew Research Center’s State of Cybercrime Survey.

Billions of Bluetooth devices could get hit by this attack

“Over 5 billion devices at risk”

Huge numbers of devices with Bluetooth signals are at risk of a malware attack newly identified by an internet of things security company. That is most of the estimated 8.2 billion devices that use Bluetooth, which allows for our gadgets to connect and communicate wirelessly. Nearly every connected device out there has Bluetooth capability. Your phones, laptops, speakers, car entertainment systems — the list goes on and on to even the most mundane gadgets.

Apache Struts Flaw Increasingly Exploited to Hack Servers

“Imperva has detected thousands of attacks”

Security firm Imperva has detected thousands of attacks attempting to exploit a recently patched remote code execution vulnerability affecting the Apache Struts 2 open source development framework. The security hole, tracked as CVE-2017-9805, affects applications that use the REST plugin with the XStream handler for XML payloads, and it exists due to the way Struts deserializes untrusted data. An exploit was made available within hours after a patch was released.

Enjoy your read? Check out our other content here.

Big Data Horizons- Equifax, Big Data 50

Why do big hacks happen? Blame Big Data

“Databanks likely far too big”

Equifax, one of the largest credit reporting agencies, revealed on Thursday that it was hacked back in May, exposing the personal data of up to 143 million people. The data accessed by hackers contains extremely sensitive information like social security numbers, consumer’s names, and more.

This breach is a huge failure of cybersecurity, which raises many pressing privacy concerns. But it also illustrates a fundamental problem of the data economy as a whole: databanks like Equifax are too big. Consumer credit agencies like Equifax are part of the multi-billion dollar data broker industry, which is based on collecting, analyzing, and selling thousands of data points about individual people.

These companies are essentially able to accumulate as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals.

Security of data has been an incredibly important topic to users. This article calls out an important talking point that has been swirling in the data industry for some time, that is, what is an ethical collection of data, and how can companies better protect their data collections? Both are extremely important, as many obviously believe that their sensitive data should have a guaranteed protection, or else it shouldn’t be collected.

Big Data 50 – Companies Driving Innovation in 2017

“Some of the coolest firms operating now”

Evaluating new and disruptive technologies, as well as when and where they may prove useful, is the challenge. Against the rapidly evolving big data scene, this year, Big Data Quarterly presents the newest “Big Data 50,” an annual list of forward-thinking companies that are working to expand what’s possible in terms of collecting, storing, and deriving value from data.

DBTA released their annual Big Data 50 list, which include the top companies driving innovation within the big data industry. Along with naming top companies, the article also points out multiple predictions and current analysis of specific markets within the big data industry. Notable names included on the list are: Amazon Web Services, Dell EMC, IBM, MapR, Microsoft, Cloudera, and Splunk.

How Big Data Is Helping Professional Sports

“Revolutionizing game preparation” 

The use of analytical data is not solely limited to being used as a development tool for individuals and team in terms of performance but is also in popular use by clubs and leagues as they assess the interaction between fans and their stars.

Coaches Find New Ways of Developing Their Players

In the past sports relied largely on the naked eye to make a decision about the performance of specific players and teams which have now been placed in the hands of a large analytical and statistical department analyzing every aspect of the performance of a player and team.

Open to all but mainly to the richest sports

The use of big data has trickled down to the performance analysis provided for those choosing to run or walk for fitness and use mobile devices to track their distance, time, and other performance related statistics is available for all. Major sports teams and coaches have been working with analytical teams and software for a number of years with many of the world’s best-known soccer coaches leading the movement towards a technologically advanced form of coaching.

Big Data Impacts Every Aspect Of A Team

Almost every aspect of a team and club can be affected by the growing use of big data including the interaction of a club with its fans to make sure the social media interactions of fans and club reveal the impact on each spectator.

Big data is finding new use cases every day, and this article details the sports industry specifically. This big data trend is beginning to create competitive advantages in the leagues it’s being utilized in, and larger franchises that have enough disposable cash are willing to bet that data analytics will help them win.

Enjoy your read? Check out our other content here.

Security Never Sleeps- Equifax Breach, Law Enforcement Security

Equifax hack: What’s the worst that can happen?

“Tools can be used to impersonate targeted users”

Equifax has recently been the subject of a data breach, and hackers made off with the most crucial tools that identity thieves need to impersonate you. So what is the worst-case scenario? It turns out that this a very real threat to millions of Americans. If the stolen information from Equifax gets into the wrong hands, security experts say data thieves can open bank accounts, lines of credit, new credit cards and even drivers’ licenses in your name. They can saddle you with speeding tickets, steal your tax refund, swipe your Social Security check and prevent you from getting prescription drugs.

Hacking of upstate police shows need for strong cyber security

“Communications system disrupted by the attack”

In a recent incident that officials say illustrates the vulnerability of local government computer networks, the communications programs of an upstate New York police agency was disrupted by a hacking attack by a yet unknown perpetrator. The Schuyler County Sheriff’s Department, headquartered in Watkins Glen, had to get support from surrounding counties after the hack rendered its 911 emergency system and ability to dispatch deputies to calls, said Peter Kehoe, director of the New York State Sheriffs Association.

New malware stealing Indian users’ money through smartphones

“2017 is the year of malware attacks”

The most number of malware attacks have been reported this year, with the prevalence growing every day. Now a new malware — Xafecopy Trojan — has been detected in India. This malicious software attempts to steal money through its victims’ mobile phones, according to cyber security firm Kaspersky Labs. According to a new Kaspersky report, forty percent of the targeted users are Indians, indicating that geo-specific targeting is here and effetive.

Enjoy your read? Check out our other content here.