equifax   356

« earlier    

New Study Finds Lax Compliance and Employee Error the Major Threats to Data Security
Over the last few weeks, the news media has been widely covering the disastrous cybersecurity breaches at credit report company, Equifax.
Equifax  lax  compliance  data  security  intelligent 
yesterday by Adventure_Web
Take a Lesson from Equifax: Know Who Is Accessing Your Network
Last week, Intelligent ID offered its commentary on the ongoing controversy surrounding the nationwide Equifax security breach – an incident that is widely being considered one of the largest hacks in modern history.
equifax  Activity  Analysis  intelligent 
yesterday by Adventure_Web
GDS - Blog - An Analysis of CVE-2017-5638
An Analysis of CVE-2017-5638 (How Equifax was hacked)
hacking  tweet  equifax 
2 days ago by martin.weber
Equifax Breach: Setting the Record Straight — Krebs on Security
Bloomberg published a story this week citing three unnamed sources who told the publication that Equifax experienced a breach earlier this year which predated the intrusion that the big-three credit bureau announced on Sept. 7. To be clear, this earlier breach at Equifax is not a new finding and has been a matter of public record for months. Furthermore, it was first reported on this Web site in May 2017.
In my initial Sept. 7 story about the Equifax breach affecting more than 140 million Americans, I noted that this was hardly the first time Equifax or another major credit bureau has experienced a breach impacting a significant number of Americans.
breach  credit_report  data  equifax  identity_theft  privacy  security  krebs 
2 days ago by rgl7194
RT : Putting the 'music major CISO' theory of the breach to bed. points out examples of creative p…
Equifax  from twitter
2 days ago by kcarruthers
Massive Equifax hack reportedly started 4 months before it was detected | Ars Technica
Attackers likely spent months escalating their intrusion into Equifax's network.
Hackers behind the massive Equifax data breach began their attack no later than early March, more than four months before company officials discovered the intrusion, according to a report published Wednesday by the Wall Street Journal.
The first evidence of the hackers' "interaction" with the Equifax network occurred on March 10, according to the report, which cited a confidential note that security firm FireEye sent to some Equifax customers. By then, a critical vulnerability in the Apache Struts Web application framework was already under active exploit on the Internet. Equifax officials have said the Struts flaw was the opening that gave attackers an initial hold in the targeted network.
Equifax has said that the breach that exposed sensitive data for as many as 143 million US consumers started on May 13 and lasted until July 30. The company didn't disclose the breach until September 7.
breach  credit_report  data  equifax  identity_theft  privacy  security  hack 
2 days ago by rgl7194
Equifax sends breach victims to fake notification site | Ars Technica
Mixup shows that even company officials can be fooled by look-alike names.
The official Equifax Twitter account encouraged people to visit a knock-off website that mocks the company's security practices instead of the site the company created to warn of a massive data breach. That recent breach exposed personal details for as many as 143 million US consumers.
In a tweet on Tuesday afternoon, an Equifax representative using the name Tim wrote: "Hi! For more information about the product and enrollment, please visit: securityequifax2017.com." The message came in response to a question about free credit monitoring Equifax is offering victims. The site is a knock-off of the official Equifax breach notification site, equifaxsecurity2017.com. A security researcher created the imposter site to demonstrate how easy it is to confuse a legitimate name with a bogus one. The Equifax tweet suggests that even company representatives can be easily fooled. The tweet was deleted late Wednesday morning, more than 18 hours after it went live.
breach  credit_report  data  equifax  identity_theft  privacy  security  URL  scam 
2 days ago by rgl7194
The Equifax Hack - SecureMac
The personal information of 143-million people may have been compromised when the consumer credit reporting agency Equifax was hacked. What do we know about the attack? And what can we do going forward? These are the questions we’re tackling on this week’s Checklist.
On a recent episode of the Checklist, we talked about hacks that affected billions of people. Today, we are talking about a hack that is smaller in number with only 143-million people affected, and yet the ramifications could be bigger than any of those hacks. If you watch local news, national news, or keep track of any blogs, you’ve no doubt heard about the Equifax hack. If you are like me, you got to the part where it says 143-million people affected and you said, “I wonder what’s on TV.” Sometimes numbers get just so big that we can’t get our heads around it. We know a couple of security guys that we can talk to about it, so we are going to do that. To start with, let’s recap exactly what happened and who Equifax is.
breach  credit_report  data  equifax  identity_theft  privacy  security  podcast 
2 days ago by rgl7194
accidentally sent data breach victims to a fake website
Equifax  from twitter_favs
3 days ago by electroponix
Equifax just sent hack victims to a fake phishing site • Mashable
Jack Morse:
<p>Following a data breach of this size, it's not unusual to see websites pop up that mimic official help pages. Typically, the goal of these phishing sites is to trick worried consumers into handing over their personal information. In this case, Equifax created a very real site — https://www.equifaxsecurity2017.com — where people can enter their last name along with the last six digits of their social security number to see if they were affected by the hack. 

Unsurprisingly, someone cloned that site and hosted that copy at a very similar URL: https://securityequifax2017.com. The two sites, one real and one fake, look the same to the casual observer. In fact, they are so easily confused that Equifax itself apparently can't tell the difference. 

<img src="https://i.amz.mshcdn.com/BdHO15BWiBg3uQ9Z49xQ5qzlZgQ=/fit-in/1200x9600/https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com%2Fuploads%2Fcard%2Fimage%2F598202%2Fac26bac4-faeb-455f-83a6-d3893bd9e7a1.png" width="100%" />

If you look closely at the above pictured Twitter exchange, you'll see that someone operating the Equifax account named Tim linked to the fake website. The timestamp on the tweet is from September 19, and the tweet was still up as of the morning of September 20 (it was deleted during the course of writing this story). </p>
equifax  phishing 
3 days ago by charlesarthur

« earlier    

related tags

091617  0917  0day  1password  a  activity  advice  alexholden  also  analysis  announces  apple  argentina  attack  bad  bank  banking  banks  behavior  breach  briankrebs  bug  business  capitalism  card  changes  cio  comp3911  compliance  credit-karma  credit-reporting  credit  credit_cards  credit_report  creditfreeze  creditreport  cybersecurity  dark_web  data  details  digital-ethics  economics  equifax_fail  equifaxhack  equihax  experian  fail  failure  finance  fix  fraud  freeze  gov2.0  government  guide  hack  hacking  head  holdsecurity  how-to  howto  ia  identity-theft  identity  identity_theft  identitytheft  incident  infosec  intelligent  iphone  java  jorgesperanza  krebs  krebsonsecurity  lax  leaks  lifehack  linkedin  lobbying  mauldin  minor  money  monitoring  music  networkedmedia  news  nytimes  of  on  osint  passwords  patch  personal-finance  personaldata  personnel  phishing  podcast  policy  politics  preventable  privacy  reference  regulation  releases  report  resign  sale  scam  sec  security-hacking  security  securitybreach  securitytheatre  sep17  site  sp_issues  stock  struts  struts2  technology  theft  todo  transunion  tranunion  tweet  uk  update  upgrade  url  vulnerability  vulnerable  web  writeup  wtf  | 

Copy this bookmark: