Kromtech Security says it's found more than 4000 ElastiSearch servers hosting files related to AlinaPOS and JackPOS, both strains of point-of-sale malware.
The BlueBorne vulnerability in Bluetooth (whose discovery Armis Lab announced Tuesday) may have been addressed by both Microsoft and Google in their most recent patches, but estimated rates of susceptibility to attack through this vector are astonishingly high. More than five billion devices worldwide are thought vulnerable.
Equifax has cleared up the confusion over which vulnerability attackers used in their massive theft of the credit bureau's data. It was the earlier Apache Struts vulnerability, CVE-2017-5638, which was patched in April, some two months before Equifax sustained its attack. There's some piling-on in progress. Rival credit bureau Experian complains that Equifax's clumsy disclosures have impeded Experian's ability to ensure the security of the data it holds. And there's been unseemly Schadenfreude over Equifax's choice of passwords for admin accounts (username "admin," password, "admin," too).
SAP, Adobe, and Google all joined Microsoft in patching this week.
In industry news, AppGuard announces that it's closed a $30 million round of Series B funding. Silent Circle is buying Kesala, and Thales announces its purchase of Guavus. Brocade's acquisition by Broadcom is proving rocky for employees, reports indicate.
And the US Department of Homeland Security has issued a binding order telling all US Government agencies to stop using Kaspersky software within the next ninety days. The DHS judgment is that Kaspersky is too close to the FSB to be worth the security risk.