Attacks/Breaches

9/10/2018
03:30 PM
50%
50%

GAO Says Equifax Missed Flaws, Intrusion in Massive Breach

A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.

The 2017 Equifax breach involved at least 9,000 queries to 51 databases over a period of 76 days, according to a report on the attack issued by the Government Accountability Office (GAO). The report details the mechanisms used by the attackers to gain access and exfiltrate personal information of approximately 145 million individuals in the US, Canada, and the UK.

Attackers began scanning Equifax's systems for a vulnerability in Apache Struts within two days of the vulnerability's public disclosure. While they quickly found the flaw, Equifax's own systems not only failed to find the vulnerability, they failed to spot the intrusion for weeks following its initial success.

The attackers were careful to take data out of the databases in small chunks to avoid detection, using an outdated certificate in a dispute-resolution server to encrypt the exfiltrated data and avoid tripping packet-inspecting security components.

According to the report, there were a number of different issues at Equifax, each contributing to the possibility and severity of the breach. The security issues ranged from bad network architecture to a failure to establish limits on the number of database queries possible from a single address.

The report notes that Equifax has publicly reported that it has remediated all the issues associated with the breach. The company has not detailed those remediation steps, and the GAO has not independently verified or assessed the remediation.

For more, read here.

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jimmy04
50%
50%
jimmy04,
User Rank: Apprentice
9/13/2018 | 4:13:38 AM
Good one
You are doing an amazing job. 
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: When they asked me to do a pen test, I wasn't thinking of this!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17182
PUBLISHED: 2018-09-19
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations...
CVE-2018-17144
PUBLISHED: 2018-09-19
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...