Security Never Sleeps – Equifax Hack, Google Play Malware

Equifax Confirms Hackers Used Apache Struts Vulnerability to Breach Its Servers

“More details on the major hack”

In an update posted to its security breach website, Equifax announced that hackers used an Apache Struts security bug to breach its servers and later steal data on over 143 million customers, from both the US and the UK. At the time it was discovered, in March 2017, the Apache Struts CVE-2017-5638 vulnerability was a zero-day — a term used to describe security bugs exploited by attackers but which vendors are not aware of or have a patch released. Equifax did not reveal the exact date when the security breach occurred, but only when it became aware of it — July 29, 2017. It is unclear if Equifax was breached before the Struts zero-day became public, or months after Apache made a patch available.

Attackers Can Bypass SKEL Protection in macOS High Sierra

“Malicious kernel extensions allow security evasion”

A new security feature added in macOS High Sierra (10.13) named “Secure Kernel Extension Loading” can be bypassed to allow the loading of malicious kernel extensions. Just like Linux and Windows, macOS allows applications to load third-party kernel extensions whenever they need to perform actions that require access to lower levels of the operating system.

Backdoored Plugin Impacts 200,000 WordPress Sites

“Malware updated in plugin”

Wordfence reports that around 200,000 WordPress websites were impacted after a plugin they were using was updated to include malicious code. Dubbed Display Widgets, the plugin was sold by its original author to a third-party developer on May 19, 2017, for $15,000. Roughly one month after that, the plugin was updated by its new owner and started displaying malicious behavior.

Google Is Fighting One Of The Biggest Ever Android Malware Outbreaks — Up To 21 Million Victims

“More malware!”

Surprising almost no one, another batch of Android malware has found its way onto Google Play. Researchers from Check Point have claimed to have found the second-biggest outbreak to ever hit Google’s platform, with as many as 21.1 million infections from one malware family.

Enjoy your read? Check out our other content here.

Leave a Reply

Your email address will not be published.