said on Thursday that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver’s license numbers. The attack on the company represents one of the largest risks to personally sensitive information in recent years, and is the third major cybersecurity threat for the agency since 2015. Equifax, based in Atlanta, is a particularly tempting target for hackers. If identity thieves wanted to hit one place to grab all the data needed to do the most damage, they would go straight to one of the three major credit reporting agencies. “This is about as bad as it gets,” said Pamela Dixon, executive director of the World Privacy Forum, a nonprofit research group. “If you have a credit report, chances are you may be in this breach. The chances are much better than 50 percent. Criminals gained access to certain files in the company’s system from mid-May to July by exploiting a weak point in website software, according to an investigation by Equifax and security consultants. The company said that it discovered the intrusion on July 29 and has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases. Yahoo originally claimed that one billion accounts were accessed by hackers. Now it's admitted it was actually three billion. Last year, Yahoo admitted it had been hacked three years previously, leaking account details of one billion of its three billion users, making it one of the biggest breaches of all time. Now, Yahoo has admitted that all three billion accounts were actually accessed. The revelation follows Yahoo's acquisition by Verizon, with an investigation by forensic security experts during the company's integration revealing that all Yahoo user accounts were affected by the hack. One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months. One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high- end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments. So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing. The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016. The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. The account required only a single password and did not have “two-step“ verification, sources said. Verizon confirmed on Wednesday the personal data of 6 million customers has leaked online. The security issue, uncovered by research from cybersecurity firm UpGuard, was caused by a misconfigured security setting on a cloud server due to "human error." The error made customer phone numbers, names, and some PIN codes publicly available online. PIN codes are used to confirm the identity of people who call for customer service. No loss or theft of customer information occurred, Verizon told CNN Tech. UpGuard -- the same company that discovered leaked voter data in June -- initially said the error could impact up to 14 million accounts. Chris Vickery, a researcher at UpGuard, discovered the Verizon data was exposed by NICE Systems, an Israel-based company Verizon was working with to facilitate customer service calls. The data was collected over the last six months. Vickery alerted Verizon to the leak on June 13. The security hole was closed on June 22. The incident stemmed from NICE security measures that were not set up properly. The company made a security setting public, instead of private, on an Amazon S3 storage server -- a common technology used by businesses to keep data in the cloud. This means Verizon data stored in the cloud was temporarily visible to anyone who had the public link. The creators of media transcoding program HandBrake have issued a statement warning that certain downloads of the installer for the Mac version of the app may contain a Trojan virus. Downloading the app between May 2 (14:30 UTC) and May 6 (11:00 UTC) from the “download.handbrake.fr” mirror means you have a 50- percent chance of being infected with the Trojan. Automatically updated apps (using updater version 1.0 and above), and files downloaded from the primary mirror are unaffected. The attackers replaced the usual HandBrake installer file, titled ‘HandBrake-1.0.7.dmg’, with a version that also contained the Trojan virus, so checking if you have this file on your system and seeing when it was downloaded is the first step to identifying the threat. If you have downloaded the installer during the specified time window, you can check if you’ve inadvertently installed the malware by opening your Mac’s Activity Monitor application and seeing if you have a process called “Activity_agent”. If so, you are infected. UTRECHT - WEDNESDAY APRIL 25, 2018 Equifax Says Cyberattack May Have A�ected 143 Million in the U.S. by NEW YORK TIMES THAT YAHOO DATA BREACH ACTUALLY HIT THREE BILLION ACCOUNTS by WIRED DELOITTE HIT BY CYBER-ATTACK REVEALING CLIENTS’ SECRET EMAILS by THE GUARDIAN Verizon data of 6 million users leaked online by CNNTECH POPULAR VIDEO- ENCODING MAC APP HANDBRAKE COMPROMISED WITH MALWARE by TECHRADAR
agelderblom
tomokusaba
tomu28
zsmb
kuroppe1819
riofujimon
quramy
ivargrimstad
fsubal
seike460
tatamiya
estie
moore
mclloyd
addyosmani
dotmariusz
kastner
ammeep
lara
afnizarnur
sonatard
smashingmag
davidbonilla
matthewcrist
![EXAMPLE EXAMPLE agelderblom@asterix ~/repo/work/first8/presentations/hello-world ±master⚡ » mmvn org.owasp:dependency-check-maven:check [INFO] Scanning](https://files.speakerdeck.com/presentations/a2c70435103b4defab3073c1e8f19ae8/slide_16.jpg){kind=link}
![EXAMPLE EXAMPLE agelderblom@asterix ~/repo/work/first8/presentations/hello-world ±master⚡ » mvn net.nicoulaj.maven.plugins:checksum-maven-plugin:1.6:depend [INFO] Scanning](https://files.speakerdeck.com/presentations/a2c70435103b4defab3073c1e8f19ae8/slide_22.jpg){kind=link}
