Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Point of Sale Breach
Breaking News Data Breach Hacking News Point of Sale Breach

Jimmy Johns hit by Point of Sale(POS) Malware

Jimmy John's is the latest company hit with Point-Of-Sale(POS) information breach. 

The Illinois based sandwich shop said it learned of the hack on July 30 and immediately hired security experts to help with the investigation.

In July, Brian Krebs reported that multiple financial institutions were seeing fraud on cards that had all recently been used at Jimmy John's locations.  He also reported that the stores are using pos systems made by a third party vendor Signature Systems Inc.  At the time,  the breach was not confirmed.  After nearly two months, the company confirmed it.

According to the company's statement, hackers stole log-in credentials from its POS vendor and used them to gain access to Jimmy John's POS systems.

The Signature Systems also confirmed the breach that attackers gained access to user name and password that they used to remotely access the POS systems.

The attackers then installed a malware which is designed to capture payment card data from cards that were swiped through terminals.

The information including card number, verification code, expiration date and card holder's name are at risk. The company says the information entered online such as email ids,passwords are not affected.

The incident affected approximately 216 Jimmy John's stores.
Read more »
Hacking News
Featured Hacking News

Data Breach at TripAdvisor's Viator affects 1.4 million customers, card information stolen

The travel site Viator, a subsidiary of TripAdvisor, has suffered a data breach that has compromised customer's information which includes payment card information.

The company is in the process of notifying nearly 1.4 million customers about the breach.  Of that number, approximately 880,000 people had their payment card data compromised(credit/debit card number, expiration date, name, billing address, email address).

A further 560,000 customers had their account information including email IDs, hashed passwords and nickname accessed by the attackers.

The company said that at this time they have no reason to believe customer's card security codes had been compromised.  They company also said that they don't collect debit PIN numbers, so it could not be compromised.

Viator became aware of the breach after receiving a notification from its payment card service provider that unauthorized charges occurred on a number of our customers' credit cards.

The company said it hired forensic experts to investigate the incident and to identify how their systems may have been impacted.

It is also offering a free identity protection services and credit card monitoring services for those affected individuals.



Read more »
Hacking News
Breaking News Exploit Kits Hacking News

jQuery.com reportedly hacked to serve malware


JQuery.com, the official website of the popular javascript library JQuery(used by nearly 70% of top 10,000 websites), had reportedly been compromised and had served credential stealing malware. 

RiskIQ announced that they had detected a malicious script in jquery.com that redirects visitors to a website hosting the RIG Exploit kit.

The redirector domain(jquery-cdn[dot]com) used in this attack has been registered on September 18, the same day on which the attack was detected by RiskIQ.  RiskIQ believes that this domain was intended specifically to blend into the website.

The good news is that RiskIQ found no indication suggesting that the JQuery library itself has been affected.  Otherwise, many additional websites using the JQuery CDN to load the JQuery library would also have been affected.

The people at JQuery.com says they found no logs or evidence that their server was compromised.

"So far the investigation has been unable to reproduce or confirm that our servers were compromised. We have not been notified by any other security firm or users of jquery.com confirming a compromise." JQuery.com blog post reads.
Read more »
Spam Report
Hoax Spam Report

Don't cook your iPhone with Microwave oven


There is an Internet hoax circulating around claiming users of Apple's IOS 8 can charge their iPhone by putting it in the microwave oven.

The hoax ad was posted in 4chan and stated "Wave is our latest and greatest addition to iOS8. Wave allows your device to be charged wirelessly through microwave frequencies.  Wave can be used to quickly charge your device's battery using any standard household microwave"

I don't think anyone fall for this hoax. But it is funny to read the ad and tweets about it.

Last year, when iOS7 was first launched, some pranksters made a similar fake ad claiming updating to the iOS7 made phones waterproof.  Many people reportedly fell for that hoax.

Read more »
Vulnerability
Android Vulnerability Featured Hacking News Vulnerability

Vulnerability in Android default browser allows attackers to hijack Sessions


A Serious vulnerability has been discovered in the Android default browser(AOSP) that allows a malicious website to bypass "Same Origin Policy(SOP)" and steal user's data from other websites opened in other tabs. AOSP browser is the default browser in Android versions older than 4.4. 

What is Same Origin Policy?
SOP plays an important role in the Web Security, restricts a website from accessing scripts and data stored by other websites.  For example, the policy restricts a site 'Y' from accessing the cookies stored by site 'X' in user's browser.

Same Origin Policy Bypass:
Rafay Baloch, a security researcher, found a security flaw in the "Same Origin Policy" system used by the AOSP browser.  The bug allows the website 'Y' to access the scripts and user's data stored by website 'Y'.

Imagine You are visiting attacker's website while your webmail is opened in another tab, the attacker is now able to steal your email data or he can steal your cookies and could use it to compromise your mail account.

Proof of Concept:
<iframe name="test" src="http://www.example.com"></iframe>
<input type=button value="test"
onclick="window.open('\u0000javascript:alert(document.domain)','test')" >


"Its because when the parser encounters the null bytes, it thinks that the string has been terminated, however it hasn't been, which in my opinion leads the rest of the statement being executed." Rafay said in his blog.

Metasploit Module:
Rafay published the poc on his blog in August.  However, it remained largely unnoticed until rapid7 released a metasploit module that exploits the vulnerability.
http://www.rapid7.com/db/modules/auxiliary/gather/android_stock_browser_uxss

This browser also known for the remote code execution vulnerability, has been discontinued by Google. But older versions of Android do come with this browser.

What you should do?
Stop using the default android browser, Use Google Chrome or Mozilla.
Read more »
Web Application Vulnerability
Joomla vulnerability Vulnerability Web Application Vulnerability

Bug in Joomla! Extension VirtueMart allows hacker to gain Super Admin access

Security researchers at Sucuri found a critical security vulnerability in  VirtueMart, a popular e-commerce extension for the Joomla which has been downloaded more than 3.5 million times.

The vulnerability allows a malicious user to easily gain super admin privilege. With the Super Admin access, the hacker has full control of the website.

Sucuri removed the technical details about the bug after receiving a request from the developer of VirtueMart.

"VirtueMart uses Joomla’s JUser class “bind” and “save” methods to handle user accounts information. That’s not a problem in it of itself, but this class is very tricky and easy to make mistakes with." Researcher wrote in Sucuri's blog post.

VirtueMart has claimed the bug is in Joomla. Researchers at Sucuri also believe the problem is on the Joomla class itself. However, few Joomla experts disagree with the VirtueMart and Sucuri.

"The vulnerability is in VirtueMart's amateurish use of JUser, not the JUser class itself. JUser is a low level API in Joomla! which expects filtered input." Nicholas Dionysopoulos, a contributer to Joomla Project, posted in a Facebook post.

"The modus operandi of programmatic user account creation in Joomla! is to first filter the input using JInput (typically through JFactory::getApplication()->input, not a new object instance), construct an array with only the keys you need and the pass this to JUser. "


The bug was discovered last week and have been fixed in the latest version of VirtueMart(v2.6.10).
Read more »
Security Breach
Breaking News Hacking News Security Breach

About 5 million Gmail IDs and passwords leaked

Around 5 million Gmail user names and related passwords have been leaked in Russian Bitcoin security forum.

Is Google got hacked?
No, the leak was not the result of a security breach of Google systems.  The dump is said to have been obtained from other websites.

So, if you have used the same password used anywhere else, your gmail account could be compromised.

 Google's response
"We found that less than 2% of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We’ve protected the affected accounts and have required those users to reset their passwords." Google wrote.

 What You should do?
  • There are few websites available online to check whether your gmail ID have been compromised or not.  My suggestion is don't use them.  I suggest everyone to change the password.(I believe most of the people keep the same password for years, so it's better to change now).
  • If you have not enabled 2-step-factor feature, it is good to enable it.
  • Never use the gmail password in any other websites.
Read more »
Malware Report
Featured Malvertising Malware Report

Malicious Ad Network "Kyle and Stan" serves Windows and Mac Malware


Cyber Criminals have been placing malicious ads on a number of popular websites including YouTube, Yahoo that serves malicious software.  The campaign also targets Mac users.

The malicious network, uncovered by Cisco Researchers comprise of over 700 domains.  They observed nearly 10,000 connections to the malicious domains.

The operation has been dubbed "Kyle and Stan" because most of the domains used in this campaign for distributing malicious software contain "kyle" and "stan" strings in the sub-domain name.

The users website who visit the websites containing malicious ad will be redirected to another website.  Users will then be redirected to another page that will serve mac or windows malware based on their user agent.

"The attackers are purely relying on social engineering techniques, in order to get the user to install the software package. No drive-by exploits are being used thus far" Armin Pelkmann, Cisco researcher, wrote in a blog post.
Read more »
Security Breach
Hacking News Security Breach

A Test server of HealthCare.gov infected with malware



Hackers managed to breach a server which is part of HealthCare.gov and managed to upload a malicious software.

The server in question is a test server that was not meant to be connected to the Internet, it reportedly doesn't contain consumer personal information. 

The incident was originally reported by the Wall Street Journal.  The attackers broke into the server in july but the security breach was only detected on August 25 during routine review of security logs.

Department of Health and Human Services said the website was not specifically targeted.  The malware used in this attack was likely to perform denial of service attacks on the other websites.

The malware has been removed from the server.

Read more »
Security Breach
Breaking News Security Breach

Security breach at Bartell Hotels affects over 40,000 individuals


Bartell Hotels announced that it had detected potential unauthorized access by a third-party attacker to its customer's financial data.

The payment card processing systems used at five Bartell Hotels were compromised.

The five impacted hotels are Best Western Plus Island Palms Hotel & Marina, The Dana on Mission Bay, Humphreys Half Moon Inn & Suites, Pacific Terrace Hotel and the Days Hotel–Hotel Circle

The official statement says the security breach occurred between February 16,2014 and May 13,2014.  The breach involves theft of certain credit card data including names of customers and credit card numbers.

According to SC Magazine, the data breach affects between 40,000 and 45,000 individuals.  About 16,000 individuals who provided their email ids to the Bartell are currently informed of the breach.

The company is offering free credit monitoring and identity protection to the affected individuals.
Read more »
Security Breach
Security Breach

Goodwill confirms Credit card breach

Goodwill Industries confirmed that a third party vendor's system hit with malware attack, resulting in its customers credit card data being compromised.

The data security issue was intially announced in July,  the organization said it is working with federal authorities to investigate the issue.

Following the investigation , the organization determined that malware had been installed on third party vendor's system used by 20 Goodwill customers(about 10% of all stores) to process credit card payments.

The affected systems contained names, payment card numbers, and expiration date.  The company says it has found no evidence that customer's personal information affected by this breach.
Read more »
Subscribe to: Comments (Atom)