Thousands of Burgerville customers have been informed that critical credit and debit card information may have been compromised during a cyberattack in late August. The Vancouver-based fast-food chain says anyone who used plastic at its restaurants between September 2017 through last week should carefully watch their card statements for unauthorized charges. In addition, the chain recommends customers obtain a copy of their credit report to look for unauthorized information and consider freezing their credit. Commenting on the news are the following security experts: Javvad Malik, security advocate at AlienVault: Compromising point of sale payment systems is something we’ve seen quite a bit of…
ISBuzz Team
It has been reported that Instagram has been spotted prototyping a new privacy setting that would allow it to share your location history with Facebook. That means your exact GPS coordinates collected by Instagram, even when you’re not using the app, would help Facebook to target you with ads and recommend you relevant content. The geo-tagged data would appear to users in their Facebook Profile’s Activity Log, which include daily maps of the places you been. Sam Curry, Chief Security Officer at Cybereason: “It’s generally not a good idea to reveal more information about movements, behaviours and the like; and turning location reporting off…
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities according to a report by the American Consumer Institute on router safety. Justin Jett, Director of Audit and Compliance at Plixer: “The recent report showing that 83% of home routers have vulnerabilities should be a concern for IT professionals. While protecting the network will always be a challenge, it becomes even more so with remote employees joining the organization’s ranks. According to a survey by Zogby Analytics, “IDC expects mobile workers will account for nearly three-quarters of the U.S. workforce by 2020.” Because these employees…
Yesterday the UK and several other nations released statements regarding the recent cyber-attacks and linking them to a foreign military unit, saying they are operating under different names including Sednit. Please find a comment from ESET Researcher Alexis Dorais-Joncas, who has been tracking and researching the Sednit group. Alexis Dorais-Joncas, Researcher at ESET: “Today, several countries, including UK, Netherlands and Canada, issued statements related to several high profile cyberattacks that happened in their respective countries in the past few years. Most of the cyberattacks mentioned in the statements have been already made public and linked to the Sednit group, also…
Threat intelligence and penetration testing team finds local privilege escalation issue in network monitoring software CRITICALSTART, aleading provider of cybersecurity solutions, today announced its Section 8 threat intelligence and security research team identified a local privilege escalation vulnerability in Paessler’s PRTG Network Monitor software. The Section 8 team followed standard vulnerability reporting procedures and alerted Paessler back in July and is presenting the findings today as part of its “Linking to Pwnage! Using Symlinks and Hardlinks to Own All the Things”session at the 11thannual Information Warfare Summit in Oklahoma. PRTG is an all-in-one unified monitoring solution that makes it easy for system administrators to know what is…
It has been discovered that Fortnite gamers are suffering from a new malware attack that is concealed within the game. Malwarebytes issues the report which found scammers had found a way to release the malware within “cheat tools” that offered “season passes”, which were deemed “free” for Android users. Commenting on the news and offering insight is Tyler Reguly, Manager of Software Development at Tripwire. Tyler Reguly, Manager of Software Development at Tripwire: “Based on the Malwarebytes Labs’ blog post, this malware targeting Fortnite gamers looks for personal information including browser sessions and cookies. This could potentially spell trouble for enterprises that have end users gaming and…
It’s being reported that the National Cyber Security Centre has exposed a campaign by the GRU (Russian Military Service) of ‘reckless and indiscriminate’ cyberattacks on the UK targeting business, media, politics and sport. IT security experts commented below. Ross Rustici, Senior Director, Intelligence Services at Cybereason: “This coordinated rehashing of hacks that have previously been attributed to Russia is nothing more than a political stunt to make it appear to certain domestic constituencies that governments are taking the Russian cyber threat seriously. The NCSC report is akin to a sports team’s game tape. Here are all the plays Russia has run in the last two…
In response to the news that an updated version of the Smoke Loader malware downloader has been sampled in the wild and contains one of the first successful uses of the PROPagate injection technique, Jake Moore, Security Specialist at ESET commented below. Jake Moore, Security Specialist at ESET: “Password stealing malware is nothing new. Clicking on malicious links or requesting you to enable macros is a classic technique using by cyber criminals. The best way to better protect yourself is to simply be aware of these types of attacks. However, you should also ensure that any accounts associated with your…
Bloomberg broke a story today about how Chinese spies reportedly inserted microchips into servers used by Apple, Amazon, and others. According to the article, Chinese spies have infiltrated the supply chain for servers used by nearly 30 US companies. The chips were “not much bigger than a grain of rice,” reports Bloomberg, but able to subvert the hardware they’re installed on, siphoning off data and letting in new code like a Trojan Horse. According to Bloomberg, Amazon and Apple discovered the hack through internal investigations and reported it to US authorities. The publication says there’s no direct evidence that the companies’ data — or that of…
No doubt you have seen the news today about the UK government accusing Russia’s military intelligence service (GRU) of being behind four high-profile cyber attacks. IT security experts commented below. Malcolm Taylor, Director Cyber Advisory at ITC Secure: “It is unprecedented that the government should so overtly point the finger directly at the GRU. They must be very confident of their facts, either due to some sort of technical ‘fingerprint’ in the attack vectors themselves, or perhaps through corroboration from various other intelligence sources. But I think it’s also important to consider who benefits from attacks against these specific targets – WADA,…