[ISN] Stealthy new malware snatching credit cards from retailers’ POS systems

http://arstechnica.com/security/2014/07/stealthy-new-malware-snatching-credit-cards-from-retailers-pos-systems/

By Sean Gallagher
Ars Technica
July 31, 2014

US Computer Emergency Response Team, in cooperation with the Secret Service and researchers at Trustwave’s Spiderlabs, have issued an alert about a newly identified variant of malware installed on point-of-sale (POS) systems that was used in a series of recent attacks by cyber criminals. Called “Backoff,” the malware shares characteristics with the one used to attack Target’s point of sale systems last year: it scrapes credit card data out of the infected computer’s memory. Until now, it was undetectable by antivirus software.

POS machines are a big target for hackers, who use malware like Backoff to collect data from credit cards and other transaction information to either create fraudulent credit cards or sell the data. In many ways, the Backoff-based attacks were similar to the attack in 2011 on Subway franchises—hackers used remote desktop software left active on the machines to gain entry, either by brute-force password attacks or by taking advantage of a default password, and then installing the malware on the hacked system.

According to US-CERT, Backoff runs in the background watching memory for the “track” data from credit card swipes, which can be used to both obtain the account number on the card and to create fraudulent cards that can be used in ATMs and other point-of-sale systems. Backoff also has a keylogger function that records the key-presses on the infected computer. The malware installs a malicious stub in Internet Explorer that can reload the in-memory component if it crashes and communicates with the criminals’ command and control network—sending home captured credit card data and checking for malware updates.

[…]





[ISN] Sandwich Chain Jimmy John’s Investigating Breach Claims

http://krebsonsecurity.com/2014/07/sandwich-chain-jimmy-johns-investigating-breach-claims/

By Brian Krebs
Krebs on Security
July 31, 2014

Sources at a growing number of financial institutions in the United States say they are tracking a pattern of fraud that indicates nationwide sandwich chain Jimmy John’s may be the latest retailer dealing with a breach involving customer credit card data. The company says it is working with authorities on an investigation.

Multiple financial institutions tell KrebsOnSecurity that they are seeing fraud on cards that have all recently been used at Jimmy John’s locations. Champaign, Ill.-based Jimmy John’s initially did not return calls seeking comment for two days. Today, however, a spokesperson for the company said in a short emailed statement that “Jimmy John’s is currently working with the proper authorities and investigating the situation. We will provide an update as soon as we have additional information.”

The unauthorized card activity witnessed by various financial institutions contacted by this author is tied to so-called “card-present” fraud, where the fraudsters are able to create counterfeit copies of stolen credit cards.

[…]



[ISN] Hacker group targets video game companies to steal source code

http://news.techworld.com/security/3533895/hacker-group-targets-video-game-companies-to-steal-source-code/

By Lucian Constantin
Techworld.com
31 July 2014

A group of attackers with links to the Chinese hacking underground has been targeting companies from the entertainment and video game industries for years with the goal of stealing source code.

The stolen intellectual property is used to “crack” games so they can be used for free, to create game cheating tools or to develop competing products, security researchers from Dell SecureWorks said in an analysis of the group’s activities.

Dell SecureWorks tracks the hacker group as Threat Group-3279 (TG-3279) and believes it has been active since at least 2009.

Information gathered by the company’s researchers while investigating compromises at affected firms suggests that the attack group uses a variety of tools for reconnaissance and persistent access on systems, some of which were developed by members of the group. These tools include an extensible remote access Trojan (RAT) program called Conpee and a rootkit called Etso for hiding network and file activity.

[…]



[ISN] Mitigating cyber risk as healthcare data sharing accelerates

http://healthitsecurity.com/2014/07/30/mitigating-cyber-risk-as-healthcare-data-sharing-accelerates/

By Greg Michaels
HealthITSecurity.com
July 30, 2014

When it comes to protecting their data, healthcare organizations are increasingly finding themselves caught between the proverbial rock and a hard place.

On the one hand, healthcare reform has not only led to organizations generating vast amounts of electronic data, but has also driven the exchange and integration of this information among providers and payers on an unprecedented scale. All of this creation and sharing of electronic health information is aimed at improving patient care, realizing greater efficiencies and lowering overall costs.

On the other hand, the million-dollar question—or make that the $5.6 billion question according to the Ponemon Institute’s fourth annual Patient Privacy & Data Security Study—is what happens when a healthcare organization discovers its data has been compromised, whether it be protected health information (PHI), payment card details or personal employee information?

Protecting data within the organization and along the supply chain is a major challenge for healthcare entities. Most are already stretched by pressures unique to their industry—i.e., the move from paper to electronic records; the implementation for the ICD-10 code set; Meaningful Use requirements; and the HIPAA Omnibus Rule on privacy protections released last year. Add in issues commonly experienced by most businesses today—e.g., lean staffing, financial stresses—and it’s easy to see how healthcare organizations can find it difficult to dedicate the time to develop an effective information security program and proactively assess and mitigate risks.

[…]



[ISN] Hackers Can Control Your Phone Using a Tool That’s Already Built Into It

http://www.wired.com/2014/07/hackers-can-control-your-phone-using-a-tool-thats-already-built-into-it/

By Kim Zetter
Threat Level
Wired.com
07.31.14

A lot of concern about the NSA’s seemingly omnipresent surveillance over the last year has focused on the agency’s efforts to install back doors in software and hardware. Those efforts are greatly aided, however, if the agency can piggyback on embedded software already on a system that can be exploited.

Two researchers have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device. The attacks would require proximity to the phones, using a rogue base station or femtocell, and a high level of skill to pull off. But it took Mathew Solnik and Marc Blanchou, two research consultants with Accuvant Labs, just a few months to discover the vulnerabilities and exploit them.

The vulnerabilities lie within a device management tool carriers and manufacturers embed in handsets and tablets to remotely configure them. Though some design their own tool, most use a tool developed by a specific third-party vendor—which the researchers will not identify until they present their findings next week at the Black Hat security conference in Las Vegas. The tool is used in some form in more than 2 billion phones worldwide.

The vulnerabilities, they say, were found so far in Android and BlackBerry devices and a small number of Apple iPhones used by Sprint customers. They haven’t looked at Windows Mobile devices yet.

[…]

