Information Security News
by Sean Gallagher
In July, it was revealed that Goodwill Industries had suffered from a credit card data breach that affected the charitable retailer’s stores in at least 21 states. The Goodwill breach seemed to many to be just the latest case of criminals taking advantage of the weak underbelly of retailers—their point-of-sale systems. But now, as it turns out, the Goodwill breach was just part of a much larger attack on an outside managed service provider that affected at least two other companies. And many more may have been affected without their knowledge.
Security reporter Brian Krebs first broke the news on the Goodwill breach in July, and traced the breach back to C&K Systems, a reseller of retail software systems from NCR, Retail Pro, and other retail software and systems providers. Goodwill had outsourced much of the operation of its retail systems, including its point-of-sale (POS) systems, to C&K through a managed service contract.
In a statement published on Monday, C&K Systems admitted that they had suffered a breach of point-of-sale systems tied to their “Hosted Managed Services Environment.” The company determined with the assistance of outside forensic investigators that the breach began sometime in early 2013. “The unauthorized access affected our Hosted Management Services Platform intermittently between February 10, 2013 and August 14, 2014.”
An email titled "Your online background check is now public" might be half-scary if it was sent to a real person. But if it is a bunch of honeypot email addresses that have nobody associated to them in real life, and they get half a dozen of these emails per week, then it can only be spam, scam, or - most likely - both.
After tolerating and binning these noisy emails for a number of weeks, we finally decided to take a look-see on what is behind them. Turns out they all lead to "instantcheckmate-dot-com", who are peddling "background investigation services".
Sadly, the "background check" for our Honeypot actually wasn't all that extensive. I would have loved to read about the sleazy hidden life of our little Honeypot, especially its speeding tickets (highly unlikely, it is an old i486) and its convictions for possession (more likely, given that on past occasions, smoke has been seen coming from the enclosure), or its sex offenses (unlikely again, given that its ports are all serial, and its slots are all ISA :).
We didn't try the Instant Checkmate "service", so I can't tell if it's any good. But given that its offerings apparently need to be spammed, and the spammed URLs change daily, and redirect across four hops to end up on tcgtrkr-dot-com, and finally on instantcheckmate, I'd say the odds are they ain't up to much good.
If you own this "service", you are welcome to comment, after all, your background check is now public :). If you prefer not to comment, you might want to consider removing email addresses that have the word "sans" in them from your spam list, maybe?
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Citadel trojan, a popular program used by cybercriminals to gather banking credentials and steal money from accounts, has become the latest financial malware to be repurposed as a tool to steal industrial secrets—this time from petrochemical companies in the Middle East.
During mid-summer, unknown attackers used the program to gather data, including e-mail messages and credentials, from the firms, IBM Trusteer stated in an analysis published on Monday. The company's researchers identified Citadel as the malware used to infect and steal data from the companies, which included "one of the largest sellers of petrochemical products in the Middle East and a regional supplier of raw petrochemical materials," the analysis stated.
The attack shows that either cybercriminals are branching out into stealing valuable industrial secrets or that industrial and nation-state spies are using off-the-shelf malware and opportunistic infections to gather sensitive information, says Dana Tamir, director of enterprise security for IBM Trusteer.
Posted by InfoSec News on Sep 17 http://www.finextra.com/news/fullstory.aspx?newsitemid=26446
Posted by InfoSec News on Sep 17 http://arstechnica.com/security/2014/09/hacker-exploits-printer-web-interface-to-install-run-doom/
Posted by InfoSec News on Sep 17 http://www.computerworld.com/article/2684180/hackers-had-access-to-goodwill-hosting-provider-for-18-months.html
Posted by InfoSec News on Sep 17 http://www.computing.co.uk/ctg/news/2369726/jp-morgan-denies-that-system-blueprints-were-stolen-in-june-cyber-attack
Posted by InfoSec News on Sep 17 http://www.itpro.co.uk/security/23124/amazon-fixes-security-flaw-in-kindle-ebooks
UK.gov lobs another fistful of change at SME infosec nightmares
This has not gone down well with the infosec world. Security experts have said a bigger slice of the UK's £860m cyber security budget ought to be allocated to tackling security problems at the SME level to have any realistic chance of making a difference.
Posted by InfoSec News on Sep 17 http://www.businessweek.com/articles/2014-09-16/home-depot-breach-why-small-merchants-will-pay
How to talk infosec with kids
Help Net Security
As cybersecurity professionals, we know first-hand how the cyber world is filled with battles between good and evil. But do your kids know that? If you're a parent, like me, chances are you're concerned about your kids using the Internet. As they live ...
How to talk infosec with kids
Help Net Security
I say it's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals it's our duty to teach ALL the kids in our life about technology, whether they be our nieces, nephews, grandchildren, neighbors or ...