Equifax Suffered Earlier Breach in March
Equifax suffered another breach of its systems, back in March, the company revealed Monday. Source: https://threatpost.com
Privacy
Risks Limited With Latest Apache Bug, Optionsbleed
The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw. Source: www.threatpost.com
Attackers Use Undocumented MS Office Feature to Leak System Profile Data
An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed. Source: www.threatpost.com
200K WordPress Sites Exposed to Rogue Version of ‘Display Widgets’
A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites. Source: https://threatpost.com
Equifax Confirms March Struts Vulnerability Behind Breach
Equifax divulged on Wednesday that the culprit behind this summer’s breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March. Source: https://threatpost.com
Firm offers up to $1 million for Tor zero-day exploits – but who will they sell them to?
A company is offering up to one million dollars in bounties for anyone who finds and reports exploitable zero-day flaws in the Tor Browser. David Bisson reports. Source: https://www.grahamcluley.com
How to protect yourself in the wake of the Equifax data breach
David Bisson describes some of the ways you can protect yourself against identity thieves following the hack of Equifax. Source: https://www.grahamcluley.com
Wireless ‘BlueBorne’ Attacks Target Billions of Bluetooth Devices
Bluetooth attack vector, dubbed ‘BlueBorne’, leaves billions of smart Bluetooth devices open to attack including Android and Apple phones and millions more Linux-based smart devices. Source: www.threatpost.com
Up to 44 million UK consumers may have had their identity put at risk after Equifax hack
And don’t imagine for a second that because you may have never heard of Equifax, or done no business with them, that you have somehow escaped from being affected by this breach. Read more in my article on the Hot for Security blog. Source: https://www.grahamcluley.com
Apache Foundation Refutes Involvement in Equifax Breach
The Vice President of the Apache Struts PMC says the attackers likely used an unknown Struts zero day or an earlier announced vulnerability. Source: https://threatpost.com