MKACyber Intelligence Brief: More on Equifax and Spectre; Certificate Revocations

01 Mar 2018 - Around the Web

Equifax Confirms Breach Was Bigger than Initially Thought

Confirming claims put forth in an earlier Wall Street Journal report, Equifax admitted in a press release today that the blockbuster breach of its networks, which was said to spill the Social Security numbers (SSNs) and other sensitive information of 143 million Americans earlier this year, affected an additional 2.4 million consumers. The additionally breached data is said to include the victims’ names and drivers licenses—but not SSNs.

 

23k SSL Certs to Expire in Certificate Authority Tiff

A long and convoluted disagreement between the certificate authority DigiCert and its reseller Trustico has led to the revocation of more than 23,000 digital certificates. BleepingComputer has a great rundown of the complicated timeline of events, but ZDNet’s version of events is worth reading as well.

Windows to Patch Second Spectre Attack Variant

Windows is offering security updates that will mitigate the affects of a second variant of the now-infamous Spectre attack, according to Ars Technica, whose Peter Bright has written some of the best Spectre and Meltdown analyses on the Internet. However, as of right now, Microsoft is only making these patches available to users who want to download them—as opposed to pushing them out and effectively forcing them on users through their monthly update apparatus. The updates are being posted to Windows Catalog, and Microsoft will continue to offer up new updates for the different varieties of microprocessors as the various vendors’ microcode becomes available.

MKACyber publishes this intelligence brief regularly in an effort to keep cybersecurity professionals up-to-date on the news and research that matters.

Transform Your Siloed Security Operations into a Holistic Security Operations Program

Get in Touch Group