A roundup of the top news stories in information security this week, including a massive data breach impacting up to 148 million Americans, a vulnerability affecting 465,000 pacemakers, and researchers uncovering a new cyber threat campaign targeting critical infrastructure.
DATA BREACH
Equifax Suffers Massive Security Breach Impacting 143 Million
One of the three nationwide credit-reporting agencies has experienced a data breach that has impacted up to 143 million Americans. Equifax says that the incident has resulted in 209,000 compromised credit card numbers, in addition to “personal identifying information” on about 182,000 U.S. customers. Attackers “exploited a U.S. website application vulnerability to gain access to certain files,” the company said.
VULNERABILITY
FDA Issues Alerts on Pacemaker Vulnerability Affecting 465,000
The FDA and Homeland Security have issued alerts regarding vulnerabilities in 465,000 Abbott pacemakers. A firmware update addresses the bug and takes roughly three minutes to complete, although a small percentage of users may experience a “complete loss of device functionality,” according to the FDA alert. The patch covers St. Jude Medical’s pacemakers.
CYBER THREAT
New Hacking Campaign Targets Critical Infrastructure
A new hacking campaign dubbed Dragonfly has been discovered by security researchers at Symantec. Active since 2014, the threat effort has been collecting information about its targets and systems for years, first focusing on pharmaceutical firms, but now targeting industrial control system field devices. The latest version of Dragonfly bides its time, waiting eleven days before installing a backdoor on compromised machines.
EU Aims to Bolster Cybersecurity Efforts Through Increased Spending, Regulations
The European Commission is ready to increase spending, as well as diplomacy, to bolster its cybersecurity efforts. Later this month the Commission will announce its proposals in a report, a copy of which was obtained by Reuters this week. Losses tied to cybercrime in the EU have increased fivefold between 2013 and 2017 and are expected to rise another four times by 2019.
ELECTION HACKING
Voting Software Flaw That Could Impact German Elections
The European hacker association known as the Chaos Computer Club (CCC) is claiming in a new report that the software used to calculate and transmit vote totals in Germany’s upcoming elections contains serious vulnerabilities. If leveraged, the Germany-based CCC believes that attackers could affect the outcomes and undermine voter confidence.
BREACH RESPONSE
Equifax’s Breach Response Goes Awry
After disclosing that it had suffered a data breach earlier this week, Equifax has faced challenges in responding to the incident that impacted more than 143 million Americans. The website the company produced to give concerned or affected individuals more information about the breach may be a stalling tactic, according to cybersecurity journalist Brian Krebs.
CYBERSECURITY
DNC’s Tech Chief Upping Cybersecurity Posture
The Democratic National Committee’s Chief Technology Officer Raffi Krikorian has bolstered the group’s cybersecurity efforts significantly. In an interview with BuzzFeed, Krikorian said that he not only wanted to change the DNC’s culture of cybersecurity but also put “everyone’s guard up,” as it related to security issues and potential threats.