This week, more details on the Equifax data breach surfaced, including the news that Equifax failed to apply an available patch for a vulnerability, which could have prevented the data breach; the FTC is publicly investigating the Equifax data breach; and 200,000 stolen credit cards were traced to the Equifax data breach, with exposure dating back as far as 2016, though Equifax denies these accusations.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Failure to Patch, Equifax

Equifax confirmed the attackers exploited a web-application vulnerability.

Why is this significant?

          • The exploited web-application vulnerability, in Apache Struts, had a patch available since March 2017 that could possibly have prevented the massive data breach.
          • The Equifax data breach differs from other breaches in several ways: an available patch was not applied, which led to the breach; it took six weeks to disclose the breach; the amount of sensitive data exposed jeopardizes victims’ identities for years to come; and Equifax’s response in assisting its customers after the breach was lax.
          • Hopefully, this will prompt legislators to consult a variety of cyber security professionals who can share their knowledge and help develop a cyber security audit plan that requires companies to protect data efficiently, enforced with hefty financial consequences if not followed.

enSilo prevents the consequences of data theft/manipulation, and our automated platform updates the product automatically, eliminating the need to patch manually.

Read the full story in The Hacker News

 

FTC Investigates Equifax

The FTC joins the parties investigating the Equifax data breach.

Why is this significant?


          • Lawmakers and regulators have already begun their investigations. It is very unusual for the FTC to comment on its investigations, yet it has announced this one.
          • An FTC Commissioner stated that she is “very concerned” about the size of the breach, as well as Equifax's response.
          • A member of the U.S. Senate described it as “one of the most egregious examples of corporate malfeasance since Enron.” This Senator gave Equifax’s CEO 5 steps of corporate decency to complete by next week, or else step down.

Read the full story in Washington Post

 

Credit Card Alerts

200,000 credit cards were stolen in the wake of the Equifax breach.

Why is this significant?

          • There are claims that the credit cards were initially breached in November 2016, but Equifax states that all of the credit cards were stolen in one sweep in May 2017.
          • Visa and MasterCard rarely indicate the source of exposure in their data breach alerts to customers, but their current alert specifically states “Equifax breach”.
              • On Sept. 7, Equifax reported the breach and said it discovered the infiltration 6 weeks prior, on July 29, 2017. However, Visa sent alerts to its customers stating that the window of exposure from the Equifax breach was between Nov. 10, 2016 and July 6, 2017. The investigation will indicate which party is accurate.

Read the full story in Krebs On Security