Undetected Credit Card Stealing Malware on Florist Website

They say "Bad news comes in threes". 1-800-FLOWERS have become the third company this week to have had their data breached. The Canadian branch of 1-800-FLOWERS revealed in a filing with the California attorney general’s office that malware on its website had siphoned off customers’ credit cards over a four-year period. The company said it believes the malware was scraping credit cards between August 15, 2014 and September 15, 2018, but that the company’s main 1-800-FLOWERS.com website was unaffected. “Findings from the investigation suggest that the information collected included your first and last name, payment card number, expiration date, and card security code,” the filing said.

Here are some precautionary measures you can take to reduce the risks:

  • Set up two-factor authentication where possible on all of your accounts.
  • Always use strong and unique passwords.
  • Change passwords on any account that has been hacked, and on any other account using the same password.
  • Be alert to any phishing emails. Offenders use creative methods to trick you into handing over personal information.


Quora.com discloses Mega Breach Impacting 100 Million Users

Quora.com, a website where people ask and answer questions on a range of topics, said hackers breached its computer network and accessed a variety of potentially sensitive personal data for about 100 million users. Protected passwords, full names, email addresses and data imported from linked networks have been compromised. The breached data also included public content and actions, such as questions, answers and comments. In a post published late Monday afternoon, Quora officials said they discovered the unauthorised access on Friday. Since then, they have hired a digital forensics and security firm to investigate and have also reported the breach to law enforcement officials.

Marriott Hacking Exposes Data of Up to 500 Million Guests

Up to 500 million guests of Starwood hotels have had their data compromised, and Marriott says it has uncovered unauthorised access that has been taking place within its Starwood network since 2014. The company said Friday that credit card numbers and expiration dates of some guests may have been taken. For about 327 million people, the information exposed includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.

Serious vulnerability in Kubernetes could enable an attacker to gain admin rights

A vulnerability in Kubernetes could allow attackers to gain full administrator privileges over the open source container system's compute nodes, which could eventually lead to stealing data, injecting corrupt code or even deleting applications and workloads. The bug is a privilege escalation flaw in Red Hat's OpenShift open source Kubernetes platform and was spotted by Darren Shepherd, founder of Rancher Labs. The flaw can be exploited in two ways. The first is through a 'normal' user gaining elevated privileges over a Kubernetes pod (a group of one or more containers that share network and storage resources and run in a shared context), from which they could wreak havoc. The second involves the exploitation of API extensions that connect a Kubernetes API server to a backend server. While an attacker would need to create a new network request to harness the vulnerability in this context, once that is done they could send requests over the network connection to the back-end of the OpenShift deployment.

Hackers Could Spy on Children using Security Flaw

A major security flaw in a popular tablet used by children could allow criminals to remotely groom young people, researchers have found. The flaw affects the InnoTab Max tablets, also known as the Storio Max tablets, created by Hong Kong toymaker VTech. The tablets are aimed at children aged between three and nine and allow them to access music, e-books and websites. However, experts found that attackers could easily set up a malicious link on the parent-approved web page, which would allow them to take over the device if a child clicked on it. The SureCloud security consultant who discovered the flaw said: "If successfully orchestrated, this could enable an attacker to watch the child via the webcam, listen to them via the microphone or speak to them." He added that an attack could take place without alarms being raised, leaving parents completely unaware of malicious actors accessing the device.

New Campaign Delivering FlawedAmmyy RMS RATs operated by TA505

A campaign called Pied Piper is targeting users in multiple countries and is likely operated by TA505, a threat group known to have orchestrated large Dridex and Locky attacks in the past. Observed starting last week, the phishing attempts use documents with malicious macros for malware delivery. The campaign is multi-staged and still ongoing, with one version delivering the FlawedAmmyy RAT while another variant drops the Remote Manipulator System (RMS) RAT. Earlier this year, TA505 was observed exploiting an Office zero-day to deliver the FlawedAmmyy RAT. The FlawedAmmyy malware gives the operators full access to the victim’s PC and can also be leveraged for lateral movement on the network, thus serving as a potential entry point for a larger attack.


Visit cyber.qa.com for more information on how QA can help solve the Cyber Security skills gap and subscribe to Cyber Pulse.

