Exploit This

Security News, Exploits, and Vulnerabilities.

How to Opt Out of Equifax Revealing Your Salary History

A KrebsOnSecurity series on how easy big-three credit bureau Equifax makes it to get detailed salary history data on tens of millions of Americans apparently inspired a deeper dive on the subject by Fast Company, which examined how this Equifax division has been one of the company’s best investments. In this post, I’ll show you how to opt out of yet another Equifax service that makes money at the expense of your privacy.

Payments Giant Verifone Investigating Breach

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was “limited” and that its payment services network was not impacted.

San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations.

On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.

Visa Alert and Update on the Oracle Breach

Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle’s MICROS retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices. Visa also published a list of Internet addresses that may have been involved in the Oracle breach and are thought to be closely tied to an Eastern European organized cybercrime gang.

Critical Fixes Issued for Windows, Java, Flash

Microsoft Windows users and those with Adobe Flash Player or Java installed, it’s time to update again! Microsoft released 13 updates to address some three dozen unique security vulnerabilities. Adobe issued security updates for its Flash Player software that plugs at least 22 security holes in the widely-used browser plugin. Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks.

Good Riddance to Oracle’s Java Plugin

Good news: Oracle says the next major version of its Java software will no longer plug directly into the user’s Web browser. This long overdue step should cut down dramatically on the number of computers infected with malicious software via opportunistic, so-called “drive-by” download attacks that exploit outdated Java plugins across countless browsers and multiple operating systems.

Oracle Pushes Java Fix: Patch It or Pitch It

Oracle has shipped an update for its Java software that fixes at least eight critical security holes. If you have an affirmative use for Java, please update to the latest version; if you’re not sure why you have Java installed, it’s high time to remove the program once and for all.

Oracle, LifeLock Settle FTC Deception Charges

The U.S. Federal Trade Commission this past week announced it reached settlements with software giant Oracle and identity protection firm LifeLock over separate charges of allegedly deceiving users and customers. LifeLock agreed to pay $100 million for violating a 2010 promise to cease deceptive advertising practices. Oracle’s legal troubles with the FTC stem from its failure to fully remove older, less secure versions of Java when consumers installed the latest Java software.

Flash, Java Patches Fix Critical Holes

Adobe has issued a patch to fix a zero-day vulnerability in its Flash Player software. Separately, Oracle today released an update to plug more than two-dozen flaws in its Java software. Both programs plug directly into the browser and are highly targeted by malicious software and malefactors. Although Flash and Java are both widely installed, most users could probably ditch each program with little to no inconvenience or regret.

Adobe, MS Push Patches, Oracle Drops Drama

Adobe today pushed another update to seal nearly three dozen security holes in its Flash Player software. Microsoft also released 14 patch bundles, including a large number of fixes for computers running its new Windows 10 operating system. Not to be left out of Patch Tuesday, Oracle’s chief security officer lobbed something of a conversational hand grenade into the security research community, which responded in kind and prompted Oracle to back down.

Adobe, MS, Oracle Push Critical Security Fixes

This being the second Tuesday of the month, it’s officially Patch Tuesday. But it’s not just Windows users who need to update today: Adobe has released fixes for several products, including a Flash Player bundle that patches two vulnerabilities for which exploit code is available online. Separately, Oracle issued a critical patch update that plugs more than two dozen security holes in Java.

%d bloggers like this: