This Week in Getting Hacked: Equifax Edition

Welcome back to ‘This Week in Getting Hacked’—the world’s greatest cybersecurity-related link dump! Each week, we bring you the best news stories from the cybersecurity field, letting you know who’s getting hacked, who’s hacking, what data is leaking, and about what you should take with caution. So strap in, change your password, and let’s find out who’s getting hacked this week!
On to the links…
Hey let’s get right into this Equifax stuff, because, y’know, it’s terrible. If you’re unaware, credit reporting/identity theft prevention company Equifax had a TON of data stolen, and not just regular ol’ data; we’re talking the IMPORTANT KIND OF DATA. 143 million users’ worth of data.

So how did this all happen? Somebody forgot to install a security patch. I mean, c’mon…stay up on your updates. That’s like the first thing, right? Anyways, there was a Web application vulnerability called Apache Struts that allowed hackers to gain access to user data.
This vulnerability was reported on back in March 2017, and a patch was released shortly thereafter, but unfortunately, Equifax didn’t update their Web applications until it was too late. Like, way too late. Like, 3 months later.

Granted, installing the patch, updating the systems, rebuilding the applications, and testing them is pretty intensive and time-consuming, but also, you’re a giant corporation with incredibly sensitive data, so maybe make it a priority.

In addition to the sensitive credit reporting data that hackers stole from Equifax, they also stole data for 200,000 credit cards from old transactions kept on file since before November 2016. Go big or go home, apparently.

So you’d think with all these mistakes, that Equifax would be on both knees asking for forgiveness and doing everything possible to assuage their customers’ fears. Well, you’d be wrong, as customer support has been sending victims of the breach to a fake phishing site.

If you’ve been using CCleaner to remove junk files from your computer, you should probably follow that up by using an antivirus scan, as CCleaner was hacked and replaced with malicious malware allowing hackers to take control of a users computer.

Piriform Ltd, the company behind CCleaner and Avast antivirus, quickly quarantined the threat before it spread and alerted potential victims to update their software.

The US Government has banned the use of Russian-based Kaspersky Software on government machines because of that whole “Russia might be actively hacking our government to unravel democracy” thing.

Apple has been giving the finger to government agencies over their security and privacy protocols for a little while now, and now they’re setting their sites on the commercial sector by not allowing user-tracking advertising cookies on the new iOS11 software. Take that, advertisers!
 

That’s it for this week! See you next time and definitely don’t click on any weird links.