A roundup of the top news stories in information security this week, including a massive data breach impacting up to 148 million Americans, a vulnerability affecting 465,000 pacemakers, and researchers uncovering a new cyber threat campaign targeting critical infrastructure.


Equifax

DATA BREACH

Equifax Suffers Massive Security Breach Impacting 143 Million

One of the three nationwide credit-reporting agencies has experienced a data breach that has impacted up to 143 million Americans. Equifax says that the incident has resulted in 209,000 compromised credit card numbers, in addition to “personal identifying information” on about 182,000 U.S. customers. Attackers “exploited a U.S. website application vulnerability to gain access to certain files,” the company said.

Click here for full article.

 


Pacemaker

VULNERABILITY

FDA Issues Alerts on Pacemaker Vulnerability Affecting 465,000

The FDA and Homeland Security have issued alerts regarding vulnerabilities in 465,000 Abbott pacemakers. There is a firmware update that addresses the bug and only takes roughly three minutes to complete, although a small percentage of users may experience a “complete loss of device functionality,” according to the FDA alert. The patch covers St. Jude Medical’s pacemakers.

 

Click here for full article.



Dragonfly

CYBER THREAT

New Hacking Campaign Targets Critical Infrastructure

A new hacking campaign dubbed Dragonfly has been discovered by security researchers at Symantec. Active since 2014, the threat effort has been collecting information about its targets and systems for years, first focusing on pharmaceutical firms, but now targeting industrial control systems field devices. The latest version of Dragonfly bides its time, waiting eleven days before installing a backdoor on compromised machines.

Click here for full article.

 



EU Flag
REGULATIONS

EU Aims to Bolster Cybersecurity Efforts Through Increased Spending, Regulations

The European Commission is ready to increase spending, as well as diplomacy, to bolster their cybersecurity efforts. Later this month the Commission will be announcing its proposals in a report. A copy of the report was obtained by Reuters this week. Losses tied to cybercrime in the EU have increased fivefold between 2013 and 2017 and is expected to rise another four times by 2019.

Click here for full article.




Voting Machine

ELECTION HACKING

Voting Software Flaw That Could Impact German Elections

The European hacker association known as the Chaos Computer Club (CCC) is claiming in a new report that the software used to calculate and transmit vote totals in Germany’s upcoming elections contain serious vulnerabilities. If leveraged, the Germany-based CCC believes that attackers could affect the outcomes and undermine voter confidence.

Click here for full article.

 



Equifax Response

BREACH RESPONSE

Equifax’s Breach Response Goes Awry

After disclosing that it had suffered a data breach earlier this week, Equifax has faced challenges in responding to the incident that impacted more than 143 million Americans. The website produced by the company, aimed at providing concerned or affected individuals of the breach with more information may be a stalling tactic, according to cybersecurity journalist Brian Krebs.

Click here for full article.

 


 

Turla

CYBERSECURITY

DNC’s Tech Chief Upping Cybersecurity Posture

The Democratic National Committee’s Chief Technology Officer Raffi Krikorian has bolstered the group’s cybersecurity efforts significantly. In an interview with BuzzFeed, Krikorian said that he not only wanted to change the DNC’s culture of cybersecurity but also put “everyone’s guard up,” as it related to security issues and potential threats.

Click here for full article.