The credit company catastrophe - This week in cybersecurity
The SEC revealed that hackers accessed its corporate disclosure database and may have illegally profited by trading on the insider information stolen, reports Reuters. The hackers exploited a software glitch in the test filing component of the system to gain access to non-public information. Although the SEC “promptly” patched the vulnerability after detecting it in 2016, the regulator only became aware last month that the glitch “may have provided the basis for illicit gain through trading”, it said. Read more.
Despite its rival, Equifax, being the news for a horrible data breach, Experian has now exposed its own poor security practices. KrebsOnSecurity reports that Experian allows anyone to request the PIN number needed to unlock a consumer credit file that was previously frozen at Experian. Read more.
According to The New York Times, Nick Sweeting, a software engineer, created an imitation of equifaxsecurity2017 (dot) com, Equifax’s page about its massive security breach. Several posts from the company’s Twitter account directed consumers to Sweeting’s version, securityequifax2017 (dot) com. They were deleted after the mistake was publicized. Read more.
FedEx acquired Dutch shipper TNT Express last year for $4.8 billion, well before the NotPetya ransomware ran wild on TNT's systems, disrupting much of its shipping operation. According to FedEx, even though its services and critical systems have been restored, "TNT Express volume, revenue and profit still remain below previous levels." Read more.
Iran is building up its cyber capabilities and the emergence of a group of hackers, dubbed APT33, has given rise to concerns the nation's cyberwarfare units are looking to launch destructive attacks on critical infrastructure, energy and military bodies, reports Forbes. Read more.
Malware that piggybacked on CCleaner, a popular free software tool for optimizing system performance on PCs, appears to have specifically targeted high-profile technology companies and may have been an attempt to harvest IP — perhaps for commercial or state-level espionage, reports TechCrunch. Read more.
There's a bug in the widely used Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, reports Ars Technica. Read more.