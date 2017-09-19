Security: Deloitte, AWS, CCleaner, Equifax, Optionsbleed
-
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Deloitte, one of the world’s “big four” accounting firms, has acknowledged a breach of its internal email systems, British news outlet The Guardian revealed today. Deloitte has sought to downplay the incident, saying it impacted “very few” clients. But according to a source close to the investigation, the breach dates back to at least the fall of 2016, and involves the compromise of all administrator accounts at the company as well as Deloitte’s entire internal email system.
-
Security breach exposes data from half a million vehicle tracking devices
The exposed data, which includes customer credentials, was unearthed through a misconfigured Amazon AWS S3 bucket that was left publically available, and because it wasn't protected by a password, could allow anyone to pinpoint locations visited by customers of the vehicle tracking firm.
-
CCleaner backdoor infecting millions delivered mystery payload to 40 PCs
At least 40 PCs infected by a backdoored version of the CCleaner disk-maintenance utility received an advanced second-stage payload that researchers are still scrambling to understand, officials from CCleaner's parent company said.
-
Will the Equifax Data Breach Finally Spur the Courts (and Lawmakers) to Recognize Data Harms?
This summer 143 million Americans had their most sensitive information breached, including their name, addresses, social security numbers (SSNs), and date of birth. The breach occurred at Equifax, one of the three major credit reporting agencies that conducts the credit checks relied on by many industries, including landlords, car lenders, phone and cable service providers, and banks that offer credits cards, checking accounts and mortgages. Misuse of this information can be financially devastating. Worse still, if a criminal uses stolen information to commit fraud, it can lead to the arrest and even prosecution of an innocent data breach victim.
Given the scope and seriousness of the risk that the Equifax breach poses to innocent people, and the anxiety that these breaches cause, you might assume that legal remedies would be readily available to compensate those affected. You’d be wrong.
While there are already several lawsuits filed against Equifax, the pathway for those cases to provide real help to victims is far from clear. That’s because even as the number and severity of data breaches increases, the law remains too narrowly focused on people who have suffered financial losses directly traceable to a breach.
-
New breach, same lessons
The story of recent breaches at the credit-rating agency Equifax, which may have involved the personal details of nearly 150 million people, has probably just begun, given the confusion that still surrounds events. But it’s brought the security of open source software to the fore yet again, and highlighted the ongoing struggle organizations still have with cybersecurity.
-
Apache "Optionsbleed" vulnerability – what you need to know
-
6 steps to perfecting an open source product strategy
Suppose you have an open source software idea that you want to spread quickly. To gain users, you must make sure your product is both well-made and has all of the right features. You also need to make sure people understand why your project exists and why they should be interested. Although recent trends in "DevOps" highlight the need for operations and development experience to blend together, seeing development, product management, and marketing ideas merge is perhaps even more powerful. This is the way I crafted Ansible in the early days—and I believe it grew quickly because of that focus.
