Catalin Cimpanu reports: For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. The April 2018 CPU contained a patch for CVE-2018-2628, a vulnerability in the WLS core component of WebLogic,…
Category: Commentaries and Analyses
Equifax has spent $242.7 million on its data breach so far
Larry Dignan reports: Equifax’s first quarter earnings report highlighted expenses due to its September 2017 data breach and how the spending is shifting more toward IT and security. In its first quarter earnings report, Equifax outlined that it spent $45.7 million for the three months ended March 31 on IT and data security. The company…
1 Million US Children Affected by Identity Theft Last Year, Infuriating Study Finds
Dell Cameron reports: It’s never too early to have your identity stolen, unfortunately. More than 1 million children in the United States were affected by identity theft last year, according to a new study highlighting what’s easily the most overlooked demographic impacted by breaches of personally identifiable information. The study, released Tuesday by Javelin Strategy…
Hackers built a ‘master key’ for millions of hotel rooms
Zack Whittaker reports: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more…
Altaba, Formerly Known as Yahoo!, Charged With Failing to Disclose Massive Cybersecurity Breach; Agrees To Pay $35 Million
From the SEC: The Securities and Exchange Commission today announced that the entity formerly known as Yahoo! Inc. has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions…
Seventh Circuit Affirms Dismissal of Schnuck Markets Data Breach Lawsuit
Ashley Miller writes: The United States Court of Appeals for the Seventh Circuit recently affirmed the dismissal of a putative class action brought by financial institutions against Schnuck Markets, Inc., following a data breach impacting Schnuck beginning late 2012. The plaintiffs attempted to assert claims of negligence, negligence per se, various contract claims, and violation…