Select Restaurants Inc. Victim Of A Large Credit Card Breach Through POS Vendor

Select Restaurants Inc., which owns a number of other brands, appears to have suffered a POS malware related breach. POS vendor 24×7 Hospitality Technology notified customers that its system was compromised after being hit with PoSeidon malware, which grabs data of swiped cards.

It will be interesting to see where the liability comes to rest here. A couple of things are in play as Select Restaurants obviously outsources CC processing, however if EMV processing was not enforced or available from the vendor and that would have rendered PoSeidon malware ineffective, the banks may go after the vendor for the cost of card reissuance.

Could be interesting to watch

Brands under Select

 

 

 

San Marcos, Texas Scammed Out Of City Employee W2s

And again with the W2s. This time it was the city of San Marcos that got scammed out of W2s. This impacts every city employee, about 800 of them and was only discovered after city employees found that their taxes had already been filed. As usual this was due to a phishing scam similar to the CEO Fraud emails (a.k.a. Business Email Compromise) which targets money transfers. Unfortunately, when a W2 is lost, it impacts the employee for a long time afterword.

To counter this, you need to train folks that have access to, or work with this sort of data to be very cautious what they send and to whom. When dealing with large amounts of money or sensitive data, it’s a good idea to implement a policy that requires a phone conversation (not recorded call) before sending anything.

 

Star Trek Getting Dragged In To The Ransomware Game

Image from Bleepingcomputer.com

Now this is a just a low blow. A new strain of ransomware called “Kirk” is in the wild. Unlike most strains, this one uses Monero instead of Bitcoin for payment. Once you do pay, it provides a decryptor called “Spock”. The bad news, it doesn’t look like the ransomware can actually do the decryption at this point, so they are effectively dragging poor Spock’s name through the mud. That’s just wrong! It does have a cool ASCI art ransom screen though

The good news? It looks like it’s being spread by passing itself along as a copy of LOIC (Low Orbit Ion Cannon), so if you aren’t dorking around with tools like that, you should be ok.

So help me, if they do something like this based on a Firefly theme, I’m going to hunt them down and smack them up side the melon by myself.

800K vBulletin accounts compromised with SQL injection attack

A hacker claims to have hacked some outdated vBulletin sites, resulting in about 800k accounts being collected. This was done by exploiting a SQL injection flaw in out-of-date vBulletin installs. While the data includes hashed passwords, and probably aren’t for super important stuff, the concern here is password reuse and the ability to use this data to get in to other accounts, or use it to socially engineer the folks on the list.

Imagine getting a phishing email from one of the domains, linking to the hack and asking for a password reset, but sending you to a credential phishing site. This is one scenario where the info could be used to collect reused passwords.

I strongly recommend using a password vault, like Lastpass or something similar to generate and store random passwords for websites. Protect this with a strong passphrase and 2-factor authentication, and you can go far in securing your online accounts.

FWIW, the domains that are claimed to be hacked are:

2ndfloor.org
aippm.com
aosts.net
atheistfoundation.org.au
aussievapers.com
backcountrytalk.earnyourturns.com
barcaforum.com
bdsmfap.com
birdphotographers.net
blacklistedsociety.com
blaze-gaming.net
bleachmyasylum.com
bluepark.co.uk
bluepearl-skins.com
board.uscho.com
breezesysforum.co.uk
callofduty-community.com
calltermination.com
campgroundmaster.com
canwatchco.ca
clan-gameover.com
clubdbsa.org
community.freebord.com
community.playkot.com
darkmills.cc
darkstar-gaming.com
devil-group.com
divxup.com
doublefinish.com
downloadpolitics.com
edmlife.com
eirtakon.com
elluel.net
ewebdiscussion.com
filmleaf.net
fishingboard.net
foilforum.com
forum.atlasti.com
forum.diversitynursing.com
forum.epygi.com
forum.jdmstyletuning.com
forum.pitofwar.com
forum.rompvp.com
forum.zenstudios.com
forums.augi.com
forums.bandainamcogames.com
forums.cashisonline.com
forums.kingsoftherealm.com
forums.mra-racing.org
forums.prowrestling.com
forums.superbetter.com
forums.supertrapp.com
forums.zarafa.com
fpvlab.com
free-dc.org
ftxgames.com
gaijingamers.com
gonegambling.com
gossamerblue.com
greenstandardsltd.com
gtsportstalk.com
hawkeshealth.net
hindudharmaforums.com
italianhax.com
joyheat.com
kirupa.com
koboxingforum.com
leakninja.com
ludoria.net
maiestas.org
marijuanagrowing.com
mernetwork.com
mixbizz.com
mtsboard.com
narc.net
new-smoke.com
nflfans.com
nifgaming.eu
nsxprime.com
ozzmodz.com
pascalgamedevelopment.com
pashnit.com
pathfinder-airsoft.com
pixelentity.com
pixelgoose.com
progressiveears.org
psychonaut.com
rangevideo.com
reasonforums.com
ridetherock.com
righttorebel.net
riseofchampions.com
roaddevils.com
safeskyhacks.com
scenesat.com
sectionseven.net
sedona.com
sledderforums.com
smallblockposse.com
smallworlds.com
spurstalk.com
supermensa.org
swgreckoning.com
systemtools.com
techimo.com
tequila.net
tetongravity.com
texasguntalk.com
the420room.com
thefobl.com
thehousebreakingbible.com
thewalkingdeadgaming.co.uk
torrent-invites.com
tropicalflowersforums.com
tupacfanbase.com
ulfencing.net
va-outdoors.com
vapersforum.com
vigilantgaming.net
vill.ee
vrtalk.com
wildraiderz.com
xboxforum.com
xsyon.com
yojoe.com
zonehacks.com

 

Eddie Bauer sued for failing to prevent data breach by enabling EMV chip readers

Just a reminder to businesses that there can be more cost to a data breach than your own recovery. In this case, Veridian Credit Union is suing Eddie Bauer for the cost of reissuing cards and other costs related to the breach. This is a class action suit, so others are likely to join in the party as well. The premise is that Eddie Bauer failed miserably in their security practices, took too long to notify those impacted and that they also failed to implement EMV chip technology.

It is entirely possible that due to the EMV chip liability shift, effective October of 2015, that they will have a good leg to stand on in the case of this lawsuit, especially if these were charges at POS systems in-store and the customers used an EMV-enabled card, but Eddie Bauer had not implemented EMV readers. That could get pretty expensive for them.

Keep this in mind if you operate a business and have not enable EMV chip processing. It could prove very costly in the long run.

 

Welsh NHS Contractor Loses Data For 1000+ NHS Staff

Data such as names, dates of birth, National Insurance numbers and radiation doses for over a thousand people working for the Welsh NHS was stolen from a private contractor. While the breach was discovered back in October, it was not reported until January. Frankly, long delays like this in reporting is unacceptable. People need to know if their data is exposed so they can protect themselves.

Let this also be a lesson about the importance of 3rd party security and the risk you take when allowing data to be stored/used/collected by contractors or other 3rd parties.

Pre-infected Android Phones Now Available

Don’t have time to go out and find some mobile malware for that new phone of yours? Now you don’t have to! As a bonus, it can be installed with “System” permissions so you can’t get rid of it even if you wanted to! How cool is that? It kind of takes the fun out of poking around seedy internet sites while trying to get infected, but thanks to the supply chain injecting malware in to your pristine ROM, you don’t have to waste any time.

Check Point found that phones by Samsung, Google, Xiaomi, ZTE, Oppo, Vivo, Asus, and Lenovo have been sold with malware such as Loki (advertising) or Slocker (ransomware) already installed. Note, this does not mean that all phones are infected, but rather that somewhere in the supply chain, this has happened. A good reason to only buy from reputable sources and go ahead and run a malware check on any new phone.

 

This is the list of infections spotted so far by Check Point

com.fone.player1 Galaxy Note 2
LG G4
com.lu.compass Galaxy S7
Galaxy S4
com.kandian.hdtogoapp Galaxy Note 4
Galaxy Note 8.0
com.sds.android.ttpod Galaxy Note 2
Xiaomi Mi 4i
com.baycode.mop Galaxy A5
com.kandian.hdtogoapp Galaxy S4
com.iflytek.ringdiyclient ZTE x500
com.android.deketv Galaxy A5
com.changba Galaxy S4
Galaxy Note 3
Galaxy S4
Galaxy Note Edge
Galaxy Note 4
com.example.loader Galaxy Tab S2
com.armorforandroid.security Galaxy Tab 2
com.android.ys.services Oppo N3
vivo X6 plus
com.mobogenie.daemon Galaxy S4
com.google.googlesearch 5 Asus Zenfone 2
LenovoS90
com.skymobi.mopoplay.appstore LenovoS90
com.example.loader OppoR7 plus
com.yongfu.wenjianjiaguanli Xiaomi Redmi
air.fyzb3 Galaxy Note 4
com.ddev.downloader.v2 Galaxy Note 5
com.mojang.minecraftpe Galaxy Note Edge
com.androidhelper.sdk Lenovo A850