From Feed: Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

Update: This article was originally published on September 14, 2017. The same day, Kevin McGrail published an article on LinkedIn, Act II: Equifax tries and fails to throw Apache Struts under the Bus, where he, too, talks about how commercial compani…

Read more

From VentureBeat: Twitter removed 299,649 accounts tied to terrorism in the first half of 2017

(Reuters) — Twitter Inc said that its internal controls were allowing it to weed out accounts being used for the “promotion of terrorism” earlier rather than responding to government requests to close them down. U.S. and European governments have been pressuring social media companies including Twitter, Facebook Inc, and Alphabet Inc’s Google to fight harder […]

Read more

From BGR: Report: Discovery of an earlier Equifax hack complicates matters even further

Earlier this month, credit reporting agency Equifax informed the public that its computer systems had been breached, exposing the private data of 143 million Americans. But according to a new report from Bloomberg, it wasn’t the first time that Equifax was the victim of a cyber attack in 2017. Unnamed sources tell the publication that Equifax’s systems were also breached in March in a separate, previously undisclosed incident.

The Equifax breach that has been making headlines for the past few weeks is said to have taken place in May and was then discovered by the credit reporting agency in late July. Equifax said in a statement this week that the March hack was unrelated to the May hack, but one source believes that both hacks were perpetrated by the same intruders. As Bloomberg notes, whether or not the hackers were the same or even connected, the earlier hack makes a series of stock sales by Equifax executives look even more suspicious.

Back in March, Equifax hired security firm Mandiant to conduct an investigation into “a security incident involving a payroll-related service.” Equifax then retained Mandiant once again when suspicious activity was detected on July 29th. The timing of the two incidents raises questions about when Equifax executives who subsequently sold off stock knew about the breaches, and whether that affected their decisions.

To that end, ThinkAdvisor reports that the US Department of Justice has opened a criminal investigation to find out if Equifax executives violated insider trading laws when they sold their stock.

Equifax CFO John Gamble, president of U.S. information solutions Joseph Loughran, and president of workforce solutions Rodolfo Ploder are all said to be subjects of the DOJ probe. The three sold off shares worth over $1.8 million in early August. Equifax maintains that the executives didn’t know about the breach at the time, but there’s no indication that “the transactions were part of pre-scheduled trading plans.”

You can read the full statement from Equifax regarding the March hack below (via Gizmodo):

In response to the Bloomberg story attempting to connect two separate Cybersecurity events and suggesting the earlier event went unreported, Equifax offers the following response.

Earlier this year, during the 2016 tax season, Equifax experienced a security incident involving a payroll-related service. The incident was reported to customers, affected individuals and regulators. This incident was also covered in the media.

The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29. Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related. The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event.

Read more

From Latest news and stories from: iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests

iTerm2, a popular Mac application that comes as a replacement for Apple’s official Terminal app, just received a security fix minutes ago for a severe security issue that leaked terminal content via DNS requests. […]

Read more

From BetaNews: Businesses having difficulties filling specialized IT positions

With most organizations now increasingly using a wide variety of software and IT tools to maximize their potential, keeping track of all your various services has never been more important. This importance has been highlighted by new research from CA Technologies showing that those organizations that are able to adopt modern software development practices are seeing overwhelmingly more benefits than those who don’t. In a survey of over 460 senior executives from six European countries including the UK, companies that have adopted a modern, flexible approach to software development were benefitting from a 70 percent higher rate of profit growth, and 50… [Continue Reading]

Read more

From Latest news and stories from: Malware Uses Security Cameras With Infrared Capabilities to Steal Data

Proof-of-concept malware created by a team of Israeli researchers uses the infrared capabilities of modern security cameras as a channel for data exfiltration, but also to receive new commands from its operators. […]

Read more

From TechCrunch: CryptoMove protects sensitive data by fragmenting it and moving it around

CryptoMove thinks that data encryption is not enough. If you want to protect your data against hackers, the startup is using a new strategy by fragmenting your data, encrypting it and moving it around so that it doesn’t stay still on a server somewhere. CryptoMove is participating in the Startup Battlefield at TechCrunch Disrupt SF. At the same time, CryptoMove doesn’t try to… Read More

Read more

From Feed: Boosting Agility With Security by Design

A convergence of digital forces – notably mobile, SaaS, cloud, big data, IoT and social – is creating a massive disruption in the market and pushing businesses to move at much faster speeds. However, with a fixed set of resources and a constrained capacity to deliver on new projects, IT is often accused of holding the business back rather than enabling it.

The resulting IT delivery gap is exacerbated even further when IT resorts to shortcuts that get projects done on time and on budget. While the shortcuts might solve the problem in the short-term, these point-to-point connections create tight dependencies between applications, making any future changes costly and time-consuming. When everything is hardwired together, nothing can move without breaking everything else.

Read more