Forever 21 breach exposed customer credit card info for months

If you shopped at a Forever 21 store this year, there’s a chance your credit card information may have been stolen, CNET reports. The retail store confirmed this week that between April 3rd and November 18th of this year, a number of point of sale terminals at stores across the US were breached. While it hasn’t provided any numbers on how many customers were affected, Forever 21 did say that in most cases, card numbers, expiration dates and verification codes, but not cardholder names, were obtained by hackers. However, in some cases names were also obtained. Encryption is usually used by the store to protect its payment processing system, but in some stores, the encryption was sometimes off, opening up their point of sale terminals to malware. Not every terminal in every affected store was infected with the malware and not every store was impacted during the full time period of the breach. In some cases, credit card data stored in certain system logs prior to April 3rd were also exposed. Forever 21 said payment processing systems outside of the US work differently but that it was investigating whether non-US stores were affected as well. Purchases made through its website weren’t impacted by the breach. Chipotle and GameStop suffered similar breaches this year while hotel giant HEI announced it was hit with the same type of data breach last year. In a statement, Forever 21 said, “In addition to addressing encryption, Forever 21 is continuing to work with security firms to enhance its security measures. We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement’s investigation of this incident.”
Via: CNET. Source: Forever 21


Australian defense firm was hacked and F-35 data stolen, DOD confirms

The Australian Cyber Security Centre noted in its just-issued 2017 Threat Report that a small Australian defense company “with contracting links to national security projects” had been the victim of a cyber-espionage attack detected last November. “ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data,” the ACSC report stated. “The adversary remained active on the network at the time.” More details of the breach were revealed on Wednesday at an IT conference in Sydney. ASD Incident Response Manager Mitchell Clarke said, “The compromise was extensive and extreme.” The attacker behind the breach has been internally referred to at the Australian Signals Directorate as “APT Alf” (named for a character in Australia’s long-running television show Home and Away, not the US television furry alien). Alf stole approximately 30 gigabytes of data, including data related to Australia’s involvement in the F-35 Joint Strike Fighter program, as well as data on the P-8 Poseidon patrol plane, planned future Australian Navy ships, the C-130 Hercules cargo plane, and the Joint Direct Attack Munition (JDAM) bomb. The breach began in July of 2016. A spokesperson for the US Department of Defense’s F-35 Joint Program Office confirmed the breach to Defense News, stating that the Office “is aware” of the breach. The spokesperson reiterated that no classified data was exposed.


Yahoo’s 2013 hack impacted all 3 billion accounts

Last year Yahoo (now part of Oath along with AOL after its acquisition by Verizon) announced that back in 2013, hackers had stolen info covering over one billion of its accounts. Today, the combined company announced that further investigation reveals the 2013 hack affected all of its accounts that existed at the time — about three billion. The information taken “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.” For users being notified of the hack now, the notification is that their information is included. At the time the breach was first announced, Yahoo required everyone who had not reset their passwords since the breach to do so. According to the FAQ posted, it doesn’t appear there’s any new action being taken. The announcement isn’t very specific about why or how it determined the breach was so much larger — or how it was missed in the original forensic analysis, or how this happened in the first place — likely due to pending lawsuits over the issue. Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.
Source: Oath, Yahoo FAQ


Equifax tries to explain its response to a massive security breach

A day after announcing that hackers stole personal information tied to 143 million people in the US, Equifax’s response to the breach has come under scrutiny. Language on the website where people could find out if they were affected seemed to say that by signing up they would waive any right to join a class action suit against the company — something New York Attorney General Eric Schneiderman said is “unacceptable and unenforceable.” The company has since explained it does not apply to the data breach at all, but that hasn’t stopped misinformation from spreading.
After conversations w my office, @Equifax has clarified its policy re: arbitration. We are continuing to closely review. pic.twitter.com/WcPZ9OqMcL — Eric Schneiderman (@AGSchneiderman) September 8, 2017
Equifax: In response to consumer inquiries, we have made it clear that the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident,
Of course, considering the extent of what has leaked and the number of people affected, a hyperbolic reaction to anything surrounding this incident is understandable. Still, there are a few steps that people can and should take, now that we know someone has stolen more than enough information to perpetrate identity theft on a massive scale. Now that the language has been clarified, it appears legally clear to use Equifax’s website to check things out. Among Engadget staff, a few of us received notices that we aren’t among those impacted, but most weren’t so lucky. Still, there are questions about how secure the site itself is, since it requests the last six digits of each person’s social security number (and guessing the first three isn’t as hard as you might think). Also, it doesn’t appear to work particularly well, responding to test and “gibberish” input with a claim that it’s part of the breach also. The best information on how to respond is available from the FTC.
The government agency lays out solid next steps, like checking your credit report for any suspicious entries, as well as placing a freeze (there’s more advice on that here) and/or fraud alert on your account with the major credit bureaus. This will make it harder for a thief to create a fake account for you and should force creditors to verify your identity. Finally, it’s important to file your taxes early, before a scammer potentially can.
Source: Equifax, FTC


Tesco Bank breached: Money stolen from 20,000 accounts

The UK’s Tesco Bank has confirmed that tens of thousands of its customers’ current accounts were compromised over the weekend, leading to fraudulent withdrawals to the tune of several hundreds of pounds, in some instances. Suspicious activity was seen across some 40,000 accounts, with money taken from around 20,000 of those, the bank’s chief exec told the BBC. In reaction, Tesco Bank has temporarily frozen all online payment facilities for current accounts, and guaranteed affected customers will receive full refunds as soon as possible. Tesco Bank has said in its latest update that cards can still be used to withdraw cash, as well as make chip and pin transactions. All scheduled direct debits and bill payments are unaffected, too, though customers should’ve been contacted and told all this already. In the immediate aftermath, overwhelmed support phone lines, cancelled cards and the online payments freeze will be a serious inconvenience, not to mention the missing money. But how did this happen in the first place? As yet, we have no real details on the nature of the breach, but of all online services, you expect banking to be unfalteringly secure. Local telco TalkTalk lost 100,000 customers after last year’s hack exposed personal details — as well as being fined £400,000 (around $500,000) just last month. Rebuilding trust after losing customers’ money will be a much taller order, even if only 40,000 of more than 7 million current accounts were compromised. It could, of course, have been a very sophisticated attack — or lax security, or facilitated by someone on the inside. For now, Tesco Bank will be scrambling to fix the situation, and is working “with the authorities and regulators to address the fraud.” But hopefully it won’t be too long before we understand more about the breach’s origins.
Source: Tesco (1), (2)


ColdFusion hack used to steal hosting provider’s customer data

A vulnerability in the ColdFusion Web server platform, reported by Adobe less than a week ago, has apparently been in the wild for almost a month and has allowed the hacking of at least one company website, exposing customer data. Yesterday, it was revealed that the virtual server hosting company Linode had been the victim of a multi-day breach that allowed hackers to gain access to customer records. The breach was made possible by a vulnerability in Adobe’s ColdFusion server platform that could, according to Adobe, “be exploited to impersonate an authenticated user.” A patch had been issued for the vulnerability on April 9 and was rated as priority “2” and “important.” Those ratings placed it at a step down from the most critical, indicating that there were no known exploits at the time the patch was issued but that data was at risk. Adobe credited “an anonymous security researcher” with discovering the vulnerability. But according to an IRC conversation including one of the alleged hackers of the site, Linode’s site had been compromised for weeks before its discovery. That revelation leaves open the possibility that other ColdFusion sites have been compromised as hackers sought out targets to use the exploit on.
