If you aren't yet a Premium subscriber, you missed yesterday's analysis about the case against Taylor Huddleston and how hard it is to report on the intersection of the law and infosec. Go to our Premium page and sign up; subscription plans start at $10/month, with multiple newsletters and corporate plans available. Premium subscribers get an additional Thursday newsletter, usually with a single analysis topic.
We have all been in the embarrassing situation of sending out an email by mistake by hitting “reply all.” Sadly, the mistake was more serious earlier this week, when an administrative staffer sent one such message containing more than 20,000 personal records of US Marines, including truncated social security numbers, bank electronic funds transfer and bank routing numbers, and truncated credit card information.
To add insult to injury, Equifax has found an additional 2.4 million U.S. consumers whose partial driver’s license information was stolen, but who were not in the previously identified affected population. The announcement was made on their website. Speaking of Equifax, researchers have discovered a critical remote code execution vulnerability that affects various projects in Pivotal Spring, a web app framework tool. The exploit is similar to what caused the Equifax breach, this time using another tool. Various components of Spring are at issue, and users are urged to upgrade them as soon as possible.
--David Strom, editor of Inside Security