Kate Fazzini reports: Moody’s has just slashed its rating outlook on Equifax, the first time cybersecurity issues have been cited as the reason for a downgrade. Moody’s lowered Equifax’s outlook from stable to negative on Wednesday, as the credit monitoring company continues to suffer from the massive 2017 breach of consumer data. “We are treating…
Category: Commentaries and Analyses
WannaCry? Hundreds of US schools still haven’t patched servers
Sean Gallagher reports: … cities aren’t the only highly vulnerable targets to be found by would-be attackers. There are hundreds of thousands of Internet-connected Windows systems in the United States that still appear to be vulnerable to an exploit of Microsoft Windows’ Server Message Block version 1 (SMB v. 1) file sharing protocol, despite repeated…
Google says it stored some G Suite passwords in unhashed form for 14 years
Catalin Cimpanu reports: Google today revealed that a bug in an old G Suite tool has resulted in the company storing customer passwords in an unhashed — but encrypted — form for nearly 14 years, between 2005 and 2019. The company said that only G Suite enterprise customers were impacted, but not regular Gmail accounts….
Companies send confusing alerts about data breaches
Isn’t this what I’ve been saying for more than a decade now? Now there’s a study that agrees with me. Laurel Thomas-Michigan reports on a study called, “You `Might’ Be Affected: An Empirical Analysis of Readability and Usability Issues in Data Breach Notifications” by Yixin Zou, Shawn Danino, Kaiwen Sun, Florian Schau. She reports: Building…
MuddyWater Hacking Group Upgrades Arsenal to Avoid Detection
Sergiu Gatlan reports: The MuddyWater threat group has been updating its tactics, techniques, and procedures (TTPs) to include a number of new anti-detection techniques designed to provide remote access to compromised systems while evading detection as part of a new campaign dubbed BlackWater. MuddyWater (also known as SeedWorm and TEMP.Zagros) is an advanced persistent threat (APT) group — or a…
Use of EternalBlue in attacks on the increase despite patch
Bradley Barth reports: Cyber-attacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a 17 May blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data…