Time for a fresh edition of "learn from how others get breached" focusing on Equifax. The goal is not blame, but rather to highlight specific missteps so others can avoid making the same mistakes. The Equifax breach offers a plethora of takeaways to help organizations better repel attackers.
Who's surprised Chinese military hackers allegedly hacked Equifax? For a foreign power that continues to attempt to amass personal information on its adversaries, targeting a business that gets rich by buying and selling Americans' personal data remains an obvious play.
Four members of China's People's Liberation Army have been indicted for allegedly hacking Equifax in 2017 and stealing the personal data of over 145 million Americans as well as a vast trove of the company's trade secrets and intellectual property, the U.S. Justice Department announced Monday.
The latest edition of the ISMG Security Report offers an analysis of the missteps that led to problems with the app used in this week's Democratic presidential caucuses in Iowa. Also featured: growing privacy concerns about facial recognition and business continuity tips for dealing with the coronavirus.
Facebook scientists have proposed using "radioactive data" watermarks to identify when online images get used to train neural networks. The proposal appears to be aimed at the rise of big data startups, such as Clearview AI, that are scraping publicly available photographs to create facial recognition tools.
British leaders' failure to more quickly choose and pursue a specific path for the nation's 5G rollout meant that ultimately, the decision got made for them, despite many security concerns persisting over the use of Chinese-built telecommunications gear.
Twitter says it has fixed an API problem that would have allowed someone to match phone numbers en masse to corresponding accounts, which could potentially unmask anonymous users. The flaw could have been found and exploited by state-sponsored actors, the social media firm warns.
Scammers are blackmailing users of infidelity-focused dating site Ashley Madison using leaked data from 2015, warns security firm Vade Secure. The sextortion shakedown is a reminder that while data breaches may be a blip for corporate entities, for individual breach victims, the impact may last forever.
The latest edition of the ISMG Security Report discusses the ramifications of the U.K's decision to allow limited use of Huawei's equipment in 5G networks. Plus: Updates on Wawa's stolen card data offered for sale and nascent security threats from social networks and drones.
A long-running marketplace for selling stolen payment card data claims it has 30 million stolen payment cards that experts believe are linked to the breach at Wawa convenience stores late last year. The breach is one of the largest ever involving card-related data.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
It's a seductive story line: A chat app belonging to Saudi Arabia's crown prince is used to deliver malware to an American billionaire's phone. But a forensic investigation of Amazon CEO Jeff Bezos' phone raises more questions than it answers.
A point-of-sale system vendor that serves U.S. medical and recreational cannabis dispensaries left an unprotected database containing sensitive information about three clients and 30,000 of their customers exposed to the internet, researchers say.