A weekly rollup of everything in the news relating to cyber security. Check in every week for breaking news in the cyber security spectrum.
Equifax Blames Apache Struts
First on this week's cybersecurity update from ZDNet.
This is a follow up to last week's Equifax breach, where 143 million people's social security numbers, credit card numbers and driver's license numbers were compromised.
Equifax has come out and said that the breach was caused by an exploit in Apache Struts, which is an open source software use to develop Java web applications. Apache has countered and said that this exploit was actually patched back in March of 2017.
We're not too sure from all the back and forth, but cyber security experts are saying that this is not a zero-day exploit, only because chances are based on the track record of Equifax that they just didn't patch their systems in time.
Just a friendly reminder to always patch your systems and if there is an exploit or zero-day that you haven't gotten a patch for yet or there's no update for, you can always use virtual patching.
Kaspersky Removed From Best Buy
Next on the list is from Reuters.com.
Best Buy stops sales of Kaspersky. Concerns over links between the anti-virus vendor's ties to the Russian government were cited as reasons for Best Buy to discontinue sales of Kaspersky software.
So basically, Congress and the FBI are probing the Russian government's hacks of US security systems and they have influence over one of the most popular anti-virus vendors in the U.S.
I don't know if that's right or wrong. I'll let you decide.
Phishing Scams In Wake of Irma and Harvey
Last on this week's list is from Atlanta Daily Word.
In the wake of Hurricane Irma and Harvey, there has been no shortage of goodwill coming from across the country and the world to help those affected by these huge storms in Houston, Texas and Florida.
A quote from Atlanta Daily News says, "The scam email uses the emblems of both the IRS and the FBI. It tries to entice users to select a "here" link to download a fake FBI questionnaire. Instead, the link downloads is ransomware which prevents users from accessing data stored on their device unless they pay money to the scammers."
So, stay clear of that or anything that does not look reputable; or if it does look reputable, always make sure to hover over the links, make sure it's not linking to something. Even better, if you're not expecting an email from the FBI or the IRS, chances are, it's probably not the FBI or IRS.
That's it for this week's cyber security update. Until next time, stay safe out there.