Another Cloud Storage Leak Exposes Verizon IT Files

Security researchers have found yet another Amazon S3 storage container with sensitive data that was publicly accessible to anyone on the internet. The S3 bucket contained around 100MB of data, including internal files, usernames, passwords and email messages from U.S. telecommunications provider Verizon Wireless. Many of the files were associated with an internal middleware application
Read more

Like Equifax, Thousands of Companies Use Vulnerable Apache Struts Versions

U.S. credit monitoring bureau Equifax has been heavily criticized for its failure to patch a known critical vulnerability in the Apache Struts web development framework, an oversight that led to a massive data breach affecting 143 million people. A new report shows that poor patch management practices are common in enterprise environments and that Equifax
Read more

Russian Criminal Monetized Identity Theft for $50 Million

With the plethora of data breaches that have occurred over the past five years reaching a crescendo with the Equifax breach, it should surprise no one that a criminal’s end goal is the use of identity theft to effect monetization. Yes, each piece of personal identifying data, financial data or medical information on an individual
Read more

Attackers Use Undocumented Word Feature to Fingerprint Victims’ Software

Attackers are taking advantage of an undocumented feature in Microsoft Word to gather information about potential victims by using seemingly harmless documents that have no active code embedded in them. The technique was discovered by researchers from Kaspersky Lab in OLE2-formatted documents distributed as attachments to spearphishing emails. The files abused a feature called INCLUDEPICTURE
Read more

The EU’s Looming GDPR Privacy Regulation Should Be Scaring You

If your company does business in any of the 28 member countries of the European Union, privacy is about to become a fierce preoccupation for the C-suite, thanks to the EU’s forthcoming General Data Protection Regulation (GDPR). According to a recent Trend Micro survey, 79 percent of business leaders who have read the requirements of
Read more

Equifax Story Roundup: Separating Fact from Fog, how to protect yourself

  The “unthinkable” happened when Equifax, one of the three credit reporting agencies in the U.S., announced that attackers had breached its systems and potentially gained access to the files of 143 million consumers. According to Equifax, the culprits made off with names, Social Security numbers, birth dates, addresses, some driver’s license numbers, as well
Read more

Equifax Confirms Hackers Broke In Through Apache Struts Flaw

U.S. credit reporting bureau Equifax confirmed Wednesday that the theft of personal information of more than 143 million consumers from its systems in May was the result of a vulnerability in the Apache Struts framework. The culprit was not the critical Struts REST plugin vulnerability patched recently, as some unsubstantiated reports suggested over the past
Read more
Page 1 of 212