Equifax data breach tied to unpatched Apache Struts vulnerability

Security Digest Information security news and advice from TechTarget's network | September 20, 2017 FEATURED STORY Apache Struts vulnerability blamed for Equifax data breach by Michael Helller, Senior Reporter Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens. (SearchSecurity.com) Advertisement NEWS   CCleaner malware spread via supply chain attack CCleaner malware was spread to users via an infected software update for close to one month, highlighting the dangers of supply chain attacks and the need for code signing. (SearchSecurity.com)   Equifax breach response deemed insufficient in multiple ways Experts criticized the Equifax breach response as insufficient, given the size and scope of the data loss, and they said the company was likely not prepared for such an incident. (SearchSecurity.com)   Fearmongering around Apple Face ID security announcement As fears grow over government surveillance, the phrase "facial recognition" often triggers a bit of panic in the public, as evidenced by the recent announcement of Apple's Face ID. (SearchSecurity.com)   BlueBorne Bluetooth vulnerabilities affect billions of devices A set of eight Bluetooth vulnerabilities, branded together as BlueBorne, affect billions of devices and could be one of the most dangerous issues, according to experts. (SearchSecurity.com)   DHS banned Kaspersky software from all government systems News roundup: DHS has banned Kaspersky software from use in government systems. Plus, the commonwealth of Virginia decided to do away with touchscreen voting machines, and more. (SearchSecurity.com)   Risk & Repeat: Equifax data breach response called into question In this week's Risk & Repeat podcast, SearchSecurity editors tackle the massive Equifax data breach and how the credit bureau's response to the security incident is creating more problems. (SearchSecurity.com) EXPERT ADVICE   How to balance organizational productivity and enterprise security It's no secret that enterprise security and organizational productivity can often conflict. Peter Sullivan looks at the root causes and how to address the friction. (SearchSecurity.com)   The HTML5 vulnerabilities enterprises need to know Adobe Flash's end of life is coming, but there are some HTML5 vulnerabilities enterprises should be aware of before making the switch. Expert Judith Myerson outlines the risks. (SearchSecurity.com)   How Microsoft SRD uses AI to help developers with security Microsoft SRD is a new cloud service that aims to detect vulnerabilities in software using artificial intelligence. Expert Dave Shackleford explains what that means. (SearchCloudSecurity.com)   Are long URLs better for security than short URLs? Shortened URLs are weak on security and easy for attackers to inject with malware. Expert Judith Myerson discusses how long URLs are more secure, despite the inconvenience. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.