Several US financial institutions have discovered a pattern of credit card fraud in accounts used at different Chick-fil-A locations across the US, according to KrebsOnSecurity.

Veteran security reporter Brian Krebs writes that Chick-fil-A received similar reports and is now working with authorities in an ongoing investigation to determine whether there was a data breach. The site first heard of the potential compromise in November, but a major credit association issued an alert late this month that confirmed the situation. "Just before Christmas, one of the major credit card associations issued an alert to several financial institutions about a breach at an unnamed retailer that lasted between Dec. 2, 2013 and Sept. 30, 2014," Krebs noted.

If the fraud is due to a data breach, Information Week reports that Chick-fil-A will absolve affected customers of fraudulent charges and offer them free credit monitoring services. "If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts," the company said in a statement. "Any fraudulent charges will be the responsibility of either Chick-fil-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring."



Guardians of Peace, the hacker group that targeted Sony Pictures over its film, The Interview, has apparently also threatened to hack an unnamed "news media organization," according to a bulletin from the FBI and the Department of Homeland Security (DHS).

The document, dated December 24, 2014, was first published by The Intercept on Wednesday. The FBI did not immediately respond to Ars’ request for comment.

Referring to Sony Pictures as USPER1 (US Person 1), the bulletin reads:


LinuxSecurity.com: A vulnerability has been found in MIT Kerberos 5, possibly resulting in arbitrary code execution or a Denial of Service condition.
LinuxSecurity.com: Security Report Summary
RETIRED: Linux Kernel 'Polkit' Local Privilege Escalation Vulnerability
Multiple WordPress Themes Multiple Arbitrary File Download Vulnerabilities
Docker CVE-2014-9356 Multiple Directory Traversal Vulnerabilities
Docker CVE-2014-9357 Remote Privilege Escalation Vulnerability
Docker CVE-2014-9358 Multiple Directory Traversal Vulnerabilities
[The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central
Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook


2014 was the year hacking became the norm
Information security — or the lack thereof — was one of the biggest stories of 2014. From Heartbleed to Kmart to JPMorgan to Snapchat to iCloud to Sony Pictures to countless others, data breaches and software vulnerabilities made news nearly every ...
