8.9.17

Equifax hack could affect half the population of the US



The credit reporting agency, Equifax, has revealed that they suffered a huge cyberattack that could affect up to 143 million Americans.
The hackers gained access to sensitive personal data, including social security numbers, birth dates and addresses of nearly half the population of the US.
The company released a statement on their website saying: “Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017.”
Equifax confirmed that the breach occurred on September 7, but has so far refused to disclose why it waited six weeks before disclosing the cyberattack.
In addition to gaining access to personal data, the cybersecurity breach also exposed 209,000 credit card numbers, a figure that also includes customers from Canada and the United Kingdom.
Equifax is one of the largest credit reporting agencies in the US and analyzes financial data records that cover a wide range of consumers from around the world. They often get this information from credit card companies, banks and lenders. They then use this data to determine a person’s credit score.
In a video posted on their website, Rick Smith, Chairman and CEO of Equifax, said, “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes.”
The Atlanta-based company also announced that they will be contacting all those affected by mail and have set up a website, equifaxsecurity2017.com, and a dedicated call center to deal with consumer concerns.
While the number of people possibly affected is staggering, it’s still dwarfed by the data breach suffered by Yahoo when more than 1 billion users’ accounts were breached throughout the world.
In further developments, Bloomberg News reported that three senior executives – Chief Financial Officer John W. Gamble; Joseph M. Loughran III, the president of U.S. information solutions; and Rodolfo O. Ploder, the president of workforce solutions – sold shares worth almost $1.8 million shortly after Equifax discovered the security breach.
The company did confirm that the trio had no knowledge of the incident before they sold their shares.
Equifax shares fell 13% after news of the cyberattack was announced.

6.9.17

Critical security flaw leaves Fortune 100 firms vulnerable

Fortune 100 companies could be open to hackers after a security vulnerability was discovered in widely used server software, security researchers have said.

The discovered weakness would allow hackers to remotely run code on servers that utilize the REST plugin from Apache Struts, and it is reported that all versions since 2008 are affected.

Due to the vulnerability, hackers could easily take control of an affected server that uses the popular Java MVC framework, effectively leaving highly sensitive data at the mercy of would-be cybercriminals.

The issue is estimated to affect 65% of Fortune 100 companies including organizations such as Citigroup, Vodafone, Virgin Atlantic, along with several US governmental websites such as the Internal Revenue Service (IRS) and Department of Motor Vehicles.

According to the researchers, the risk is so high because the framework is used to design and build “publicly-accessible web applications.”

One of the security researchers who discovered the vulnerability, Man Yue Mo, outlined the severity of the issue: “Struts is used in several airline booking systems as well as a number of financial institutions who use it in internet banking applications. On top of that, it is incredibly easy for an attacker to exploit this weakness: all you need is a web browser.”

Struts released a full patch on Tuesday that they say will fix the vulnerability and are urging users to upgrade to the latest version (2.5.13) immediately. The company has identified the patch as critical with the upgrade able to deal with “Possible Remote Code Execution attack when using the Struts REST plugin with XStream handler to handle XML payloads.”

The researchers developed an exploit but have not released it in order to give companies using the software time to patch their systems. It is currently not known if any companies have been affected by the security vulnerability.

5.9.17

Chinese cryptocurrency crackdown



China banned the raising of funds using token-based digital currencies and deemed the practice illegal on Monday, in a move seen as an attempt to impose more regulations on the virtual market.
The move by the Chinese government was reported by Chinese financial news outlet Yicai, and comes as the initial coin offerings (ICO) market has seen $2.16 billion added this year alone to the total global value of $2.32 billion.

ICOs have exploded in popularity among digital cryptocurrency magnates around the world, creating a bubble that some fear will eventually burst.

The news of the Chinese cryptocurrency crackdown saw a drop in trading with almost 20% knocked off the value of some digital currency vendors when the news first broke.

A joint statement from the People’s Bank of China (PBOC), China Securities Regulatory Commission, China Banking Regulatory Commission and China Insurance Regulatory Commission released on Monday, said that individuals and organizations that have raised funds using ICOs should arrange to return the funds.

The statement also declared that any attempt to raise funds through ICO activity was now banned. This ban also applies to banks and other financial institutions operating in the country.
The news of the Chinese crackdown comes on the back of reports that hacks on cryptocurrency exchanges have increased over the last few months.

In June there were multiple cyberattacks on major cryptocurrency exchanges when Bitfinex, the largest US dollar-based bitcoin exchange, and the smaller BTC-e, fell victim to DDoS attacks. This was followed in July when hackers successfully stole user data and money from Bithumb, which is one of the biggest cryptocurrency exchanges in operation today, with phishing attacks.
Bithumb confirmed that the breach affected around 3% of the site’s customers and was a result of an attack on the personal computer of an employee — not through the company’s internal network system.

These attacks highlight the fact that hackers are actively trying to disrupt and steal from these exchange sites, either through an attack on personal users or through a compromised company network. This is something customers should be conscious of, along with understanding how best to protect themselves.

Whether the move by China can be viewed as a way to remove any possible hacking threats, or if it’s simply a way for them to slow the growth of these cryptocurrency exchanges so they can put stricter regulations in place, remains to be seen.






4.9.17

Six million Instagram accounts hacked



A hack believed to target only celebrity accounts on Instagram has also accessed millions of users’ private data.
The warning comes just days after the account of singer Selena Gomez appeared to be one of the first celebrity accounts to have been compromised, when hackers used a bug in the application programming interface (API) to access phone numbers and email addresses.
Although the hack was originally believed to have focused solely on gaining access to A-lister accounts, it was revealed that almost six million Instagram accounts might also have had private information stolen.
The news that ‘regular’ accounts were targeted is a further concern for the social media giant after they had assured everyone on August 30 that it was only celebs that were targeted.
The hackers, who are calling themselves Doxagram, have created an online database on the dark web that is accessible for cybercriminals. The group claim that “it is only $10 (price of two cups of coffee) for celebrity contact info”.
This news prompted Instagram CTO, Mike Krieger, to release a statement confirming the scale of the breach: “We care deeply about the safety and security of the Instagram community, so we want to let you know that we recently discovered a bug on Instagram that could be used to access some people’s email address and phone number even if they were not public”.
Instagram had originally claimed that only a “low percentage” of accounts were affected but the hackers quickly refuted this claim, forcing the Facebook-owned company to advise users how to protect themselves from such an attack. “Additionally, we’re encouraging you to report any unusual activity through our reporting tools,” Instagram said.
It is believed that an official account for the President of the United States of America, run by the White House social media team, was also among the six million Instagram accounts affected by the hack.
This is not the first time Instagram has been in the news for security issues. Last time, though, it was used by cybercriminals to build URL paths for C&C administration, but there was no hack and it probably did not affect millions of users as this attack did.


WikiLeaks suffers defacement at the hands of OurMine group


WikiLeaks’ whistleblowing website suffered an attack from the group known as OurMine on Thursday, when Julian Assange’s data-leaking site found itself on the receiving end of a ‘hack’.
The incident took the form of a defacement of WikiLeaks.org and meant that visitors to the site were redirected (using a technique known as DNS poisoning) to a page created by OurMine with a message that said: “Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”
The group, who have been in the spotlight recently, said they were responding to a challenge from WikiLeaks asking them to attempt to hack them.
For a short-lived period on Thursday morning, they attacked the DNS servers, so that browsers showed the WikiLeaks homepage as controlled by OurMine.
Not content with directing their message to WikiLeaks, they also addressed the hacktivist group, Anonymous: “Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]?”, the message stated. “There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!”
Despite the defacement action it remains unlikely that the WikiLeaks servers were compromised by OurMine.
The group has been in the spotlight recently following attacks on the official social media accounts of HBO, Sony PlayStation and football giants, Real Madrid and FC Barcelona.
As of yet there is no evidence that the group stole any important personal data or caused any lasting damage – apart from the embarrassment of the companies impacted.
The high-profile attacks have drawn considerable attention to the group, though, and have followed a template of using previously used passwords that came to light following data breaches.
This is usually followed by what appears to be a sales pitch, pointing out that the security of the site they took control of is subpar and inviting the owners to contact them if they want to upgrade.
WikiLeaks has not released any official statement regarding the incident with OurMine.