Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.
Equifax has yet to describe how its site was breached, except to blame a vague "U.S. website application vulnerability." But some security experts suspect that an unpatched flaw in Apache Struts, fixed by Apache in March, might have been exploited.
The Singapore arm of AXA Insurance Group says a web application flaw exposed the personal data of thousands of insurance customers to hackers. Experts weigh in on what can be done to prevent such incidents.
A major operation to cleanse websites of digital certificates created under questionable circumstances is underway. Google has issued the orders: Purge digital certificates that were issued by Symantec before June 1, 2016.
It isn't a specific product to be purchased and deployed, but RSA's concept of business-driven security is a new strategy to help improve communication between the operations and risk managers within security organizations. RSA's Ben Smith describes how to start.
Only 38 percent of banking/security leaders have high confidence in their organization's ability to detect and prevent fraud, according to the latest ISMG Faces of Fraud Survey. John Gunn of VASCO Data Security weighs in on how to improve that confidence.
The notion of patching the most critical vulnerabilities is outdated and ineffective thanks to today's black market for exploit kits, says Kevin Flynn of Skybox. Evaluating the exposure and context of holes in your organization is crucial to shoring up defenses, he says.
The Russian cyber espionage group known as Pawn Storm, which has been around since 2004, has shifted gears to focus on cyber propaganda efforts, and security professionals need to be aware of the changing threat, says Ed Cabrera of Trend Micro.
Many organizations are uncertain about the overall effectiveness of their security strategy because they are still in the dark about aspects of their risk posture, says Brian Soldato of NSS Labs. Conducting a few pen tests a year is not enough, he stresses.
The massive Equifax data breach has already led to the filing of more than 30 lawsuits against the data broker - one demanding up to $70 billion in damages. At least five state attorneys general have launched formal investigations, while several Congressional committees have promised hearings.
In the wake of increasing cybersecurity concerns, the government of India wants to leverage indigenously developed security solutions to protect telecom networks. But some security experts say that could prove difficult.
In the wake Equifax saying hackers may have stolen 143 million consumers' personal details, the company is already facing sharp questions over the robustness of its security defenses as well as reports that three executives sold stock after the breach was discovered, but before the news became public.