Tag : breach

Hundreds of Thousands of Cash Registers HACKED

OracleOracle2

According to security experts, Russian hackers have breached more than 330,000 cash registers in fast food chains, retail stores, and hotels around the world. The target of the hacking was a network point-of-sale-systems manufactured by Micros, says security researcher Brian Krebs. ¬†Oracle, which acquired the Micros network point-of-sale-system in 2014, confirmed the attack with a statement saying the company ” had detected and addressed malicious code in certain legacy Micros systems.” The vulnerability occurred in the system Oracles uses to help customers remotely troubleshoot problems with point-of-sale devices, a Micros infrastructure. The company is unsure of the scale of the breach, but is working to determine the size of the problem that lies ahead. The time of the initial attack is also¬†undetermined, as well as the scope of financial data that may have been stolen. An investigation into the breach did lead to a link between the micros support portal and a server known to be used by a Russian cybercrime group called the Carbanak group.

“This breach could be little more than a nasty malware outbreak at Oracle,” Krebs wrote. “However, the Carbanak Gang’s apparent involvement makes it unlikely the attackers somehow failed to grasp the enormity of access and power that control over the Micros support portal would grant them.” – Brian Krebs, Security Researcher

This is not the first time the company has been the hot seat for how they handle security incidents, in fall of 2015 Oracle settled out of court with the Federal Trade Commission over charges that Oracle had deceived customers about Java (owned by Oracle) platform security updates.

 

 

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.zdnet.com

Lets agree to not use Yahoo anymore

Yahoo Breach

A hacker responsible for breaches of both LinkedIn and MySpace, has reportedly stolen 200 million login credentials for Yahoo accounts.  The hacker goes by the name peace_of_mind and claims to have also stolen credentials for Tumblr as well.  He is selling the Yahoo information on the darknet in a marketplace called TheRealDeal, where for 3 bitcoins, or US $1,824 anyone can buy them. Motherboard reported that a Yahoo spokesperson told them that the company was aware of the credentials being stolen online, but did not confirm whether Yahoo itself had been hacked in order to obtain the login credentials.

In a statement to Motherboard Yahoo states,

“We are committed to protecting the security of our users’ information and we take any such claim very seriously,” a Yahoo spokesperson said. “Our security team is working to determine the facts.”

The biggest oddity of the news appears to be the credibility of the login credentials. Many of the accounts appear to be disabled or otherwise inactive when Motherboard attempted to test 100 of the posted email addresses, most came back “undeliverable”. When Motherboard contacted peace_of_mind ¬†posting on TheRealDeal, he explained most of the stolen credentials were from 2012.¬†Peace_of_mind has posted a sample of the stolen Yahoo database, including passwords and email addresses that have been hacked using the MD5 algorithm.

As many may remember, this is not the first time Yahoo has been put in a bad spot due to a security breach. In 2012 a breach exposed 453,000 passwords while in 2014 a breach involved what the company called a “coordinated effort” to gain access to Yahoo email accounts. In May of this year the United States House of Representative ¬†blocked Yahoo access on it’s network due to concern that the company was a target for hackers. Rightfully so apparently.

The company told PCmag in a statement,

“[Yahoo] works hard to keep our users safe, and we always encourage our users to create strong passwords, or give up passwords altogether by using Yahoo Account Key, and use different passwords for different platforms.”

Regardless of whether or not Yahoo confirms the breach, users should most certainly change there credentials, and in my own opinion, jump ship to Gmail.

 

 

 


 

If you would like to educate yourself in more detail about the information presented in this blog post please visit : www.pcmag.com  www.pcworld.com