Capping a week of incompetence, failures, and general shady behavior in responding to its massive data breach, Equifax has confirmed that attackers entered its system in mid-May through a web application vulnerability that had a patch available in March. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. It didn’t.
A user’s account on a website is like a house. The password is the key, and logging in is like walking through the front door. When a user can’t remember their password, it’s like losing their keys. When a user’s account is hacked, it’s like their house is getting broken into.
Let’s Encrypt has announced that its free security certificates are now trusted by all major browsers, bringing the organization’s mission to offer free HTTPS encryption to all sites one step closer to reality.
A Chinese state agency that threatened retaliation after the United States obtained indictments of five People’s Liberation Army officers on charges of cyberespionage announced plans on Thursday for tighter checks on Internet technology companies that do business in China.
CISPA, the controversial cybersecurity bill passed by the House last week, appears to be dead in the Senate. It’s deja vu all over again for the measure, which would authorize private companies to share your email, texts and other personal information with federal agencies without a warrant or other privacy protections. Last year, CISPA also cleared the House but foundered in the Senate.
Whether you were hacked, phished, had malware installed or just don’t know what the heck happened but there’s somebody all up in your e-mail, here are a few good first steps to take following an incident. This is by no means comprehensive, but it’s a good start.
On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The company said that users of IE 9 and 10 were not susceptible to similar attacks and recommended that anyone using the older browsers upgrade. Still, customers who still run Windows XP cannot upgrade to IE 9 and 10 without upgrading their OS.