In 2016, the cybersecurity division of the U.S. Department of Homeland Security released a warning that a class of medical devices had a whopping 1,418 vulnerabilities. Admittedly, the devices in question were end-of-life versions of BD Pyxis SupplyStation health care inventory management system. But this extreme example points to the type of collision course that can occur when complex software and connectivity drive core medical device functionality. DHS reasoned that an adversary of low skill could successfully attack the aging Pyxis devices. And over the past decade, security researchers have proven dozens of medical devices, from pacemakers to infusion pumps, are at risk of a cyberattack. Austrian cybersecurity researcher Tobias Zillner, for instance, revealed that a St. Jude Medical pacemaker model produced until 2017 could be hacked using a 2000-era cell phone and the device could be incapacitated within three hours by draining the battery via a cyberattack. A firmware update was later made available to harden that device…
Attacks on Point-of-Sale (POS) systems continue to occur at staggering rates and retailers remain exposed as vulnerabilities in point-of-sale systems afford weak links for attackers to exploit. According to the 2018 Verizon Data Breach Investigation Report (DBIR), of the more than 53,000 incidents examined, 2,216 were confirmed data breaches. The Gemalto Breach Level Index, shows retail at 11% of all breaches in 2017, in 3rd place, only slightly behind Financial at 12%, and Healthcare at a staggering 27%. These findings underscore that cybercrime continues to have a far-reaching impact on businesses across all regions and industries and retail remains squarely in the attacker’s cross-hairs.
Millions of Panera Bread customers may have had their personal data exposed by the fast-casual restaurant chain, according to security experts.
Until Monday, scores of customer information — including names, email addresses, home addresses, birth dates and final four credit card digits — was accessible as plain text on the company’s website, according to a report from security writer Brian Krebs. It’s not clear whether anyone actually accessed any of the data, which was supplied by customers who had made accounts for food delivery and other services.
Hackers stole information for more than 5 million credit and debit cards used at Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores.
Hudson’s Bay Company, which owns the retail chains, confirmed the breach Sunday, and said it has “identified the issue, and has taken steps to contain it.”
“Once the Company has more clarity around the facts, it will notify customers quickly and will offer those impacted free identity protection services, including credit and web monitoring,” Hudson’s Bay said in a press release.
The company added that the cards were used for in-store purchases, and there is “no indication” online purchases were affected. Hudson’s Bay said it’s cooperating with law enforcement in an ongoing investigation.
A cybersecurity firm called Gemini Advisory identified the breach and posted a blog post detailing its scope. The “attack is amongst the biggest and most damaging to ever hit retail companies,” according to the firm.
Gemini Advisory said a hacking syndicate put credit and debit card information it obtained from the hack up for sale on the dark web last week.
A “preliminary analysis” found credit card data was obtained for sales dating back to May 2017, according to the post. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the “majority of stolen credit cards were obtained from New York and New Jersey locations.”
The hackers were also behind notorious data breaches that affected companies including Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels, Gemini Advisory said.
RMH disclosed the incident on Friday afternoon, which often indicates an attempt to avoid the news cycle and fly under the radar. The company posted a link to the data breach notice on the homepage of its website, but it did not announce anything on social media.
According to the data breach notice, the incident affects more than 160 restaurants in Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Pennsylvania, Texas and Wyoming. This represents nearly all the restaurants operated by RMH.
In a vast majority of cases, the malware was present on PoS systems between December 6, 2017 and January 2, 2018, but in a small number of restaurants the malware had been active since November 23 or December 5, 2017. The company said the breach does not impact payments made online or using self-pay tabletop devices.
The breach was discovered on February 13 and RMH launched an investigation in cooperation with cybersecurity experts and law enforcement.
The company said the malware was designed to collect names, credit or debit card numbers, expiration dates, and card verification codes.
RMH pointed out that its payment systems are isolated from the broader Applebee’s network, which is not affected by this incident.
By: Carolyn Crandall It is never a good time to have to report a Point of Sale (POS) breach, but having to do so as holiday spending season commences is especially miserable, as this is a sure way to lose consumers’ trust and confidence in your organization during a potentially lucrative time of year.
As we gear up for our eagerly-anticipated Black Friday and Holiday spending rituals, let us hone in on the pervasiveness of serious security threats at work in the nation’s largest POS systems.
This blog discusses how POS breaches continue to pose an overwhelming threat to retail, hospitality, and business organizations worldwide.
Attivo Networks® today announced Attivo ThreatDefend™ now integrates with the McAfee ePolicy Orchestrator® (McAfee ePO™) platform to provide a comprehensive solution for advanced threat management and response. This technology integration combines the Attivo ThreatDefend Platform with the McAfee ePO console for increased detection of in-network threats and detailed attack forensics and accelerated incident response. Additionally, the company has joined the McAfee Security Innovation Alliance™ (SIA) partner program. Under the SIA program, the companies will work together to integrate ThreatDefend technology with McAfee Advanced Threat Defense, providing customers an adaptive defense solution to combat modern day advanced threats.
Whether restaurant, hotel or resort, the hospitality industry is intensely focused on creating a pleasurable experience for guests. Unfortunately, hospitality has become an increasingly attractive industry for cybersecurity threats, according to the 2016 Trustwave Global Security Report. The report notes that the hospitality industry accounted for 14 percent of all breaches, second only to the retail industry. Among the more prominent breaches in the last two years are those at Hyatt (August 2014 – December 2015), Hilton (July – August 2015) and Hard Rock Café (September 2014 – April 2015).
There are escalating security vulnerabilities at work in the nation’s point-of-sale (POS) systems. This situation can be quite series and one that deserves immediate attention and accompanying remediation.
In the last ten years there have been over 1,350 breaches made public within retail and business organizations. In 2016 alone, high profile breaches from Wendy’s, Eddie Bauer, Vera Wang, and Omni Hotels have shaken these companies and left impacted customers angry and frustrated.
It’s the most wonderful time of the year… especially if you’re a hacker. As consumers race to catch the shopping deals and retailers battle it out for their attention and dollars, hackers lurk in the shadows, ready for a chance to strike. This year, they have their eyes on the point-of-sale (POS) system prize. Carolyn Crandall, CMO of Attivo Networks, joined this week’s Hacker Tracker to share the vulnerabilities impacting POS systems and discuss whether massive data breaches are on the horizon in the months ahead.