Cyber Security News Roundup: It Keeps Getting Worse for Equifax
Trouble keeps brewing for Equifax after its breach, including increasing reports of negligence and calls for jail time.
As per usual, we’re going to wrap up this week with a cyber security news roundup, but consider this the Equifax edition. Equifax, as you’re probably well aware, is one of the three major credit monitoring bureaus. It was recently revealed that over 140 million records were compromised after Equifax failed to secure its systems properly.
In the days since the initial news broke, things have only gotten worse.
Equifax Went Months Without Patching its Server
The vulnerability that was used to exploit Equifax was Apache Struts CVE-2017-5638. Apache Struts is an open-source framework for developing Java web applications. This particular vulnerability was discovered on March 6 of 2017 and patched within a week. Equifax failed to follow up and patch its systems accordingly. Equifax learned of the breach on July 29, over four months after the issue had been patched. As a result of Equifax’s gross negligence, 143 million records – including full names, addresses, social security numbers and other personal identifying information – were exposed. If ever you needed a real-life example of why keeping up with security updates and patches is important: this is it.
[Source: CBS]
Equifax Uses “Admin” as Login and Password for Database
Now that everyone’s scrutinizing Equifax’s lax security practices, more disheartening reports are starting to surface about potential vulnerabilities in other areas of Equifax’s digital infrastructure. Case in point: the security firm Hold Security was able to retrieve employee information from one of Equifax’s Argentinian websites after a little guesswork revealed that Equifax was using the word “admin” as both a login and password to the database. I can hear someone, somewhere, defending the mistake by pointing out that millions of people fail to update passwords and usernames from their default settings all the time. But the rules are a little different when you’re a major credit monitoring service storing information on millions of people. Once again, this is a pretty egregious mistake.
[Source: CNBC]
US Senator: Someone Needs to Go to Jail
A group of 36 US Senators is requesting that federal authorities investigate the sale of around $2 million in Equifax stock after the data breach had occurred. To many, including the Senators, that would be tantamount to insider trading. “If that happened, somebody needs to go to jail,” Senator Heidi Heitkamp, a Democrat on the Senate Banking Committee, said. It may all be completely coincidental, but if it’s not, then add another black eye to Equifax.
[Source: Reuters]
Your Credit Card Info Isn’t Worth Much
Though it may be a bit deflating to our collective egos, the one good bit of news about the Equifax breach is that our data really isn’t worth all that much. The price for a verified credit card – meaning it has been tested and is still working – is only about 10-20 dollars. Unverified cards sell for even less, sometimes for just cents. For those interested (and that’s entirely a figure of speech; hopefully you’re not interested at anything more than an academic level), you can also purchase full identities – dossiers of personal, financial and geographical information that can facilitate identity theft – for just around ten dollars a pop.