3 Million Customer Credit, Debit Cards Stolen in Michaels, Aaron Brothers Breaches

April 17, 2014 – 5:48 PM

Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards.

The disclosure, made jointly in a press release posted online and in a statement on the company’s Web site, offers the first real details about the breach since the incident was first disclosed by KrebsOnSecurity on January 25, 2014.

The statements by Irving, Texas-based Michaels suggest that the two independent security firms it hired to investigate the break-ins initially found nothing.

“After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms,” the statement reads.


LaCie admits to year-long credit card breach

April 15, 2014 – 6:14 PM

LaCie is the latest major tech company and retailer to find itself the target of a security breach by unknown assailants.

The French hardware company confirmed in a statement on Tuesday that malware had gained access to sensitive customer information from transactions on its website.

Here’s where things get really bad: Virtually everyone who shopped on LaCie’s website in the last year is at risk.

LaCie, which is set to merge with American hard drive maker Seagate, said it was informed about the breach on March 19, 2014 by the FBI.

But the hardware company speculated that all transactions between March 27, 2013 and March 10, 2014 were possibly affected.

Brian Krebs, the former Washington Post reporter who first broke the Target security breach story last winter, reiterated on his security blog on Tuesday that he previously published evidence about the LaCie attack last month.

Krebs said that the digital storefront had “been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusion software.”


The Heartbleed Bug

April 7, 2014 – 8:23 PM

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
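To make the defect concrete, the following is an added example (not from the original page and not OpenSSL's own code) modelling a TLS heartbeat handler with the bounds check that the vulnerable OpenSSL releases omitted; the record layout follows RFC 6520 and the sample request is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Heartbeat message body (RFC 6520):
 *   type(1) | payload_length(2, big-endian) | payload | padding (at least 16) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_MIN_PAD  16

/* Parse a heartbeat request held in rec[0..rec_len) and write the response
 * into out.  Returns the response length, or -1 if the record is malformed.
 * The check marked FIX is the one the vulnerable releases lacked: they trusted
 * payload_length and copied that many bytes out of a record that could be far
 * shorter, so the reply carried whatever lay next to the record in heap memory. */
int handle_heartbeat(const uint8_t *rec, size_t rec_len,
                     uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];

    /* FIX: header + claimed payload + minimum padding must fit in what we received. */
    if (1 + 2 + payload + HB_MIN_PAD > rec_len)
        return -1;

    size_t resp_len = 1 + 2 + payload + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + 3, rec + 3, payload);         /* echo only bytes that actually exist */
    memset(out + 3 + payload, 0, HB_MIN_PAD);  /* fresh padding, never stale memory */
    return (int)resp_len;
}

/* Constructed 24-byte request carrying the 5-byte payload "hello".  The caller
 * picks the length field, so an honest claim and an inflated one can be compared. */
int run_sample(unsigned claimed_len)
{
    uint8_t req[1 + 2 + 5 + HB_MIN_PAD] = { HB_REQUEST, (uint8_t)(claimed_len >> 8),
                                            (uint8_t)claimed_len, 'h', 'e', 'l', 'l', 'o' };
    uint8_t resp[64];
    return handle_heartbeat(req, sizeof req, resp, sizeof resp);
}
```

`run_sample(5)` yields a 24-byte response, while `run_sample(0xFFFF)`, the kind of inflated length field the bug hinged on, is rejected with -1 instead of being answered with 64 KB of whatever followed the record.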



(Patch OpenSSL now!)

Zeus malware found with valid digital certificate

April 4, 2014 – 5:46 AM

A recently discovered variant of the Zeus banking Trojan was found to use a legitimate digital signature to avoid detection by Web browsers and anti-virus systems.

Security vendor Comodo reported Thursday finding the variant 200 times while monitoring and analyzing data from users of its Internet security system. The variant includes the digital signature, a rootkit and a data-stealing malware component.

“Malware with a valid digital signature is an extremely dangerous situation,” the company said in a blog post.

Zeus is typically distributed through a compromised Web page or through a phishing attack in which cybercriminals send emails that appear to come from a major bank.

A sample of the latest Zeus variant tried to trick the recipient into executing it by posing as an Internet Explorer document, complete with an icon similar to that of the Windows browser.

Because the file is digitally signed with a valid certificate, it appears trustworthy at first glance, Comodo said. The certificate is issued to “isonet ag.”


More than 24M home routers enabling DNS amplification DDoS attacks

April 3, 2014 – 4:58 PM

Tens of millions of the home routers we rely on every day for internet access are enabling Domain Name System (DNS) based distributed denial-of-service (DDoS) attacks, and their owners may never even know it, according to research by DNS software provider Nominum.

Working collaboratively with the Open Resolver Project, Nominum learned that open DNS proxies in more than 24 million home routers are allowing for DNS-based DDoS attacks, according to a Wednesday post, which adds that 5.3 million of the routers were used to generate attack traffic in February.

The DDoS attack in question is known as a DNS amplification attack, which essentially involves an attacker spoofing the target’s IP address and sending small DNS queries to the internet service provider (ISP) that return large answers, so that those amplified answers are delivered to the target rather than back to the attacker.

“It’s a really low bar in terms of sophistication and the capabilities that attackers need,” Bruce Van Nice, Nominum director of product marketing who headed up the research, told SCMagazine.com on Wednesday. “They just need to send DNS queries. They need to sit somewhere on the internet where they can spoof an IP address. It’s pretty easy to do.”

The issue with this particularly sneaky and effective attack is that most home routers are not provided by the ISPs, meaning the internet provider cannot access the device to apply preventive upgrades, Van Nice said, adding that the set-it-and-forget-it mentality of consumers, and owners’ lack of awareness of even an ongoing attack, compounds the problem.