It’s been revealed that a data breach at US retail chain Kmart that compromised card details lasted over a month. The discount department store said that the malware was discovered last week but had been operating since early September. Based on its investigation so far, the company said that it believes credit and debit cards were exposed but that no personal information, PIN numbers, email addresses or social security numbers were accessed.
The incident is the latest in a string of cyber-attacks on American retailers. Last week, restaurant chain Dairy Queen revealed that hackers had stolen names, card numbers and expiration dates of around 600,000 cards across 395 of its restaurants. There have also been huge recent attacks on Home Depot, in which 56 million cards were affected, and on Target, when 40 million cards were compromised in the run-up to Christmas 2013.
It’s not thought that the breached information is being used to create counterfeit cards or encumber customers with bills for items that they haven’t bought. Nevertheless, the attack is a reminder and a warning to retailers that the sheer size of their computer networks makes them an attractive target to hackers. By improving detection times, large chains will reduce the damage caused by such breaches and better protect both their customers and their reputation.
AT&T has become the latest multinational company to suffer a data breach after one of its own employees gained access to customer data. The US mobile telecoms giant has started informing around 1,600 customers in Vermont that their personal data was breached in August.
Although this is a smaller incident in comparison to recent cyber-attacks on JPMorgan Chase and iCloud, it is a reminder to IT managers about the dangers of insider data breaches. Whether intentional or not, internal breaches can be just as damaging as external attacks, and IT departments ignore this at their peril. Ensuring that your internal policies and controls are watertight and that employees are educated in data security is just as important as protecting your network from outside cyber-attacks.
Researchers have revealed a potentially serious flaw in WordPress software that allows hackers to search for abandoned or inactive WordPress sites before mounting phishing attacks aimed at enticing users to install infected updates. Hackers can then quickly hijack the website and use it to deliver malicious content to visitors.
WordPress is by far the most popular content management system. Having initially found success as a blogging platform, it is now hugely popular for business websites, operating as either a framework or a hosting service. However, the open-source nature of the system, as well as its popularity among web novices, does make it vulnerable when flaws are found. The report encountered several compromised WordPress websites.
WordPress offers a potentially easy entry point for hackers to introduce malware onto networks. By failing to maintain and update WordPress websites and plugins, businesses are leaving themselves susceptible to attack. Businesses should be instructing staff to install updates and plugins only from trusted sources, and increasing awareness of this tactic. By properly educating staff and regularly updating WordPress, businesses will be able to close off any potential weaknesses and reduce their susceptibility to attack.
By now, you may have heard about CVE-2014-6271, also known as the “bash bug” or “Shell Shock”, which may affect your organisation. It has been given the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version may still be exploitable, and at the very least can be crashed due to a null pointer exception. The incomplete fix is being tracked as CVE-2014-7169.
How do you protect yourself?
The most straightforward answer is to deploy the patches that have been released as soon as possible. Even though the fix for CVE-2014-6271 is not complete, the patched packages are more complicated to exploit. We expect to see new packages arrive to address CVE-2014-7169 in the near future. If you have systems that cannot be patched (for example, systems that are End-of-Life), it’s critical that they are protected behind a firewall, and that you test whether that firewall is secure.
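To confirm that the patched packages have actually taken effect on a host, each installed bash binary can be checked locally. The script below is an added example, not a Pentura or Rapid7 check: it covers CVE-2014-6271 only (not CVE-2014-7169), and the marker string, the variable name `probe` and the function names are illustrative choices.

```shell
#!/bin/sh
# Added example: local check of every bash binary for CVE-2014-6271.
# MARKER, "probe" and the function names are illustrative, not from the page.

MARKER="CVE_2014_6271_MARKER"

# check_bash <path>: prints "vulnerable", "patched" or "missing".
# An unpatched bash executes the text that trails a function definition
# while importing an environment variable, so the marker shows up in the
# output. A patched bash treats the value as plain data and prints nothing.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 0
    fi
    out=$(env "probe=() { :;}; echo $MARKER" "$bin" -c ':' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "patched" ;;
    esac
}

# list_bash_binaries: bash paths from /etc/shells and PATH, deduplicated.
list_bash_binaries() {
    {
        [ -r /etc/shells ] && grep -E '^/.*/bash$' /etc/shells
        command -v bash
    } 2>/dev/null | sort -u
}

# audit_bash: report every candidate; returns 1 if any is vulnerable.
audit_bash() {
    rc=0
    for b in $(list_bash_binaries); do
        status=$(check_bash "$b")
        printf '%s\t%s\n' "$b" "$status"
        [ "$status" = "vulnerable" ] && rc=1
    done
    return $rc
}

audit_bash || echo "at least one bash binary still needs patching" >&2
```

A "patched" result here says nothing about CVE-2014-7169, so the host should still receive the follow-up packages when they are released.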
How can we help?
Pentura Threatsweeper service (Powered by Rapid7) has been updated with authenticated and remote checks for CVE-2014-6271. Checks for CVE-2014-7169 will follow as soon as they are verified.
If you have any questions, please contact the Pentura support team: firstname.lastname@example.org
The Pentura Team
Reports surfaced this week that Amazon’s Twitch.TV gaming site had been hit by a malware attack that targeted chat forums to access users’ machines. Hackers were found to be sending phishing messages across the site’s chat forums, which lured users with offers of raffle prizes, then dropped a malicious Windows binary file on anyone who replied with their name and email address.
The news presents an interesting twist on traditional phishing scams and provides yet another platform for hackers to target sensitive information. The obvious attraction for criminals is the large number of users on chat forums and the fact that the platforms offer a haven for phishing scams.
With chat forums becoming increasingly popular in the corporate environment, this is a trend that businesses should be monitoring closely, reacting quickly to adjust data loss prevention strategies to maintain security. Employees who turn to chat forums to share best practice and solve problems need to be aware that they don’t know the identity, or credentials, of the people they are interacting with.
Hackers targeting chat forums rely on users trusting that others are there to legitimately share information and assist one another, which increases the chances of them opening links and files that contain malware. The attack on Twitch is a warning shot to organisations and has given them advance warning of this latest tactic of the cyber-criminal.
Pentura are currently recruiting for CHECK Team Members (CTM) with Web Application Testing experience.
Please send CVs to:
Head of Penetration Testing Services
New Kaspersky research released this week reported that children are a major threat to internet security, with 20% of parents reporting losing money or information due to their children’s online activity. While parents are already feeling the repercussions of children using devices, businesses should also be taking note of the threat posed.
With professionals increasingly working from home and employers offering flexible working, it is important that organisations and their employees are aware of the implications for both security and data loss prevention. While flexible, home-based working provides many benefits, it is critical that organisations give careful consideration to the expanded IT, security and data protection implications that accompany these changing working patterns. This extends beyond children using devices on which business-critical information is stored to the other challenges posed by the home environment.
Employees working from home need to consider setting up separate work accounts with robust access controls on personally owned devices to ensure that family members, including children, cannot inadvertently put business information at risk. Equally, employers need to be setting out clear guidelines on the use of business-issued devices for home use and providing relevant security and data loss prevention for home working.
Ultimately employers need to be treating data security in home ‘offices’ with the same level of importance as they would on any business owned property, providing employees with the training and solutions required to holistically secure business data. An out of sight, out of mind approach to data security towards home based employees could prove a costly mistake.