Boulevard News

Latest News from Security Boulevard

Like Equifax, Thousands of Companies Use Vulnerable Apache Struts Versions

U.S. credit monitoring bureau Equifax has been heavily criticized for its failure to patch a known critical vulnerability in the Apache Struts web development framework, an oversight that led to a massive data breach affecting 143 million people. A new report shows that poor patch management practices are common in enterprise environments and that...

Another Cloud Storage Leak Exposes Verizon IT Files

Security researchers have found yet another Amazon S3 storage container with sensitive data that was publicly accessible to anyone on the internet. The S3 bucket contained around 100MB of data, including internal files, usernames, passwords and email messages from U.S. telecommunications provider Verizon Wireless. Many of the files were associated with an internal middleware...

CCleaner Supply Chain Attack Targeted Technology Companies

New evidence shows the hackers who infected the installers for the popular CCleaner system optimization tool were primarily targeting the program’s business users. There are also links between the malware code and a well-known Chinese cyber-espionage group. The malware-infected installers for 32-bit versions of CCleaner and CCleaner Cloud released in August were installed on...

Attackers Use Undocumented Word Feature to Fingerprint Victims’ Software

Attackers are taking advantage of an undocumented feature in Microsoft Word to gather information about potential victims by using seemingly harmless documents that have no active code embedded in them. The technique was discovered by researchers from Kaspersky Lab in OLE2-formatted documents distributed as attachments to spearphishing emails. The files abused a feature called...

Equifax Story Roundup: Separating Fact from Fog, how to protect yourself

The “unthinkable” happened when Equifax, one of the three credit reporting agencies in the U.S., announced that attackers had breached its systems and potentially gained access to the files of 143 million consumers. According to Equifax, the culprits made off with names, Social Security numbers, birth dates, addresses, some driver’s license numbers, as...

Hackers Steal More Than 3TB of Data from Vevo

A group of hackers called OurMine has leaked 3.12TB of files belonging to video-hosting service Vevo. The files were obtained after hackers compromised an employee’s account on Okta, a single sign-on service used by Vevo’s staff to access business applications, Gizmodo reports. The company confirmed to Gizmodo that it is investigating a data breach...

Equifax Confirms Hackers Broke In Through Apache Struts Flaw

U.S. credit reporting bureau Equifax confirmed Wednesday that the theft of personal information of more than 143 million consumers from its systems in May was the result of a vulnerability in the Apache Struts framework. The culprit was not the critical Struts REST plugin vulnerability patched recently, as some unsubstantiated reports suggested over the...

Insecure Elasticsearch Nodes Host Malware Command-and-Control Servers

More than 4,000 misconfigured Elasticsearch nodes, most of them running on Amazon Web Services’ platform, have been hijacked by attackers to host malware command-and-control servers. The compromised nodes were discovered by researchers from security firm Kromtech Alliance, who were researching Elasticsearch servers that had been configured by their owners to be publicly accessible without...

BlueBorne Attack Can Compromise Bluetooth-Enabled Devices

Phones, tablets, smart watches, computers, TVs, medical devices, wearables and other internet-of-things devices could be in danger of getting hacked because of vulnerabilities in the Bluetooth implementations of major operating systems. The attack vector has been dubbed BlueBorne. Researchers from an IoT security firm called Armis have found critical vulnerabilities in the Bluetooth stacks...

Equifax Rated ‘F’ in Application Security Before Breach

One of the biggest data security and privacy nightmares became real for millions of Americans last week as news broke that Equifax, one of the three major credit reporting agencies in the United States, made it public that attackers had successfully broken into its systems and potentially gained access to the personal information of...
