Got some good stuff this week so let’s not delay!
- First story of the week brings news of another potential breach, this time that of the Hilton Hotel Chain. Seems like some of their PoS devices were compromised, dating as far back as November 2014. The extent of the breach and the details are unknown at this time, but I am sure more will surface in the coming weeks.
- Read More @ https://threatpost.com/hotel-chain-hilton-worldwide-investigating-potential-pos-breach/114830/
- Next, an interesting story by Krebs that looks at a particular method cybercriminals use for extracting cash from stolen credit cards referred to as “reshipping”. Very cool piece that provides a bit of insight into how these thieves operate.
- Read More @ http://krebsonsecurity.com/2015/09/with-stolen-cards-fraudsters-shop-to-drop/
- Two critical bugs have been found in the TrueCrypt software that allow for privilege escalation which could lead to installation of malware and compromise of the TrueCrypt credentials and access through parallel channels. Both of the flaws were found by researchers from Google’s Project Zero. Good news is that free alternatives like VeraCrypt are available.
- Read More @ http://thehackernews.com/2015/09/truecrypt-encryption-software.html
- Next, a good look at some of the recent activity of the Nuclear Exploit Kit. Sans Internet Storm Center takes a good look at some of the activity of this infamous exploit kit. Good analysis.
- Read More @ https://isc.sans.edu/diary/Recent+trends+in+Nuclear+Exploit+Kit+activity/20203
- Finally, news of another breach. This time it’s the “Patreon” service that has disclosed news of unauthorized access. Names, addresses, and e-mails were accessed. Social Security Numbers and Passwords were accessed as well but those were securely hashed according to Patreon.
- Read More @ http://thenextweb.com/insider/2015/10/01/patreon-was-hacked-personal-data-accessed/