Update: This article was originally published on September 14, 2017. The same day, Kevin McGrail published an article on LinkedIn, Act II: Equifax tries and fails to throw Apache Struts under the Bus, where he, too, talks about how commercial compani…Read more
(Reuters) — Twitter Inc said that its internal controls were allowing it to weed out accounts being used for the â€œpromotion of terrorismâ€� earlier rather than responding to government requests to close them down. U.S. and European governments have been pressuring social media companies including Twitter, Facebook Inc, and Alphabet Incâ€™s Google to fight harder […]Read more
Earlier this month, credit reporting agency Equifax informed the public that its computer systems had been breached, exposing the private data of 143 million Americans. But according to a new report from Bloomberg, it wasn’t the first time that Equifax was the victim of a cyber attack in 2017. Unnamed sources tell the publication that Equifax’s systems were also breached in March in a separate, previously undisclosed incident.
The Equifax breach that has been making headlines for the past few weeks is said to have taken place in May and was then discovered by the credit reporting agency in late July. Equifax said in a statement this week that the March hack was unrelated to the May hack, but one source believes that both hacks were perpetrated by the same intruders. As Bloomberg notes, whether or not the hackers were the same or even connected, the earlier hack makes a series of stock sales by Equifax executives look even more suspicious.
Back in March, Equifax hired security firm Mandiant to conduct an investigation into “a security incident involving a payroll-related service.” Equifax then retained Mandiant once again when suspicious activity was detected on July 29th. The timing of the two incidents raises questions about when Equifax executives who subsequently sold off stock knew about the breaches, and whether that affected their decisions.
To that end, ThinkAdvisor reports that the US Department of Justice has opened a criminal investigation to find out if Equifax executive violated insider trading laws when they sold their stock.
Equifax CFO John Gamble, president of U.S. information solutions Joseph Loughran, and president of workforce solutions Rodolfo Ploder are all said to be subjects of the DOJ probe. The three sold off shares worth over $1.8 million in early August, but Equifax maintains that the executives didn’t know about the breach at the time, but there’s no indication that “the transactions were part of pre-scheduled trading plans.”
You can read the full statement from Equifax regarding the March hack below (via Gizmodo):
In response to the Bloomberg story attempting to connect two separate Cybersecurity events and suggesting the earlier event went unreported, Equifax offers the following response.
Earlier this year, during the 2016 tax season, Equifax experienced a security incident involving a payroll-related service. The incident was reported to customers, affected individuals and regulators. This incident was also covered in the media.
The March event reported by Bloomberg is not related to the criminal hacking that was discovered on July 29. Mandiant has investigated both events and found no evidence that these two separate events or the attackers were related. The criminal hacking that was discovered on July 29 did not affect the customer databases hosted by the Equifax business unit that was the subject of the March event.
This week Padre and Steve discuss what was up with Security Now’s recent audio troubles, more on the Equifax Fiasco, the EFF & Cory Doctorow weigh in on forthcoming browser encrypted media extensions (EME), an emerging browser-based payment stand…Read more
iTerm2, a popular Mac application that comes as a replacement for Apple’s official Terminal app, just received a security fix minutes ago for a severe security issue that leaked terminal content via DNS requests. […]Read more
With most organizations now increasingly using a wide variety of software and IT tools to maximize their potential, keeping track of all your various services has never been more important. This importance has been highlighted by new research from CA Technologies showing that those organizations that are able toÂ adopt modern software development practicesÂ are seeing overwhelmingly more benefits than those who don’t. In a survey of over 460 senior executives from six European countries including the UK, companies that have adopted a modern, flexible approach to software development were benefitting from a 70 percent higher rate of profit growth, and 50… [Continue Reading]Read more
Proof-of-concept malware created by a team of Israeli researchers uses the infrared capabilities of modern security cameras as a channel for data exfiltration, but also to receive new commands from its operators. […]Read more
CryptoMove thinks that data encryption is not enough. If you want to protect your data against hackers, the startup is using a new strategy by fragmenting your data, encrypting it and moving it around so that it doesn’t stay still on a server somewhere. CryptoMove is participating in the Startup Battlefield at TechCrunch Disrupt SF. At the same time, CryptoMove doesn’t try to… Read More
At the United Nations Tuesday, Donald Trump’s incendiary North Korea remarks pushed the word even further from a peaceful outcome.Read more
A convergence of digital forces â€“ notably mobile, SaaS, cloud, big data, IoT and social â€“ is creating a massive disruption in the market and pushing businesses to move at much faster speeds. However, with a fixed set of resources and a constrained capacity to deliver on new projects, IT is often accused of holding the business back rather than enabling it.
The resulting IT delivery gap is exacerbated even further when IT resorts to shortcuts that get projects done on time and on budget. While the shortcuts might solve the problem in the short-term, these point-to-point connections create tight dependencies between applications, making any future changes costly and time-consuming. When everything is hardwired together, nothing can move without breaking everything else.Read more