This Week in Cybersecurity News
Credit Card Breach at Mandarin Oriental by Brian Krebs, Krebs on Security
Mandarin Oriental Hotel Group has confirmed its hotels have been affected by a credit card breach. According to a Mandarin Oriental statement, the “credit card systems in an isolated number” of hotels in the US and Europe were breached. Banking industry sources told Brian Krebs that most if not all Mandarin hotels in the US were impacted, including locations in Boston, Florida, Las Vegas, Miami, New York and Washington, D.C. The breach reportedly began in December 2014.
Serious FREAK Flaw Renders Android, iOS Devices Vulnerable to HTTPS Snooping by Paul Mah, FierceCIO
A vulnerability known as FREAK, or “Factoring attack on RSA-EXPORT Keys”, has been found to affect SSL and TLS technology. The flaw allows a man-in-the-middle attacker to downgrade encryption to a weaker 512-bit key instead of today’s standard 2048-bit keys. Vulnerable devices include those running the Android, iOS and OS X operating systems. Most Windows and Linux devices are not vulnerable.
'Domain Shadowing' Hijacks Registrar Accounts to Spawn Attack Sites by Darren Pauli, The Register
Domain Shadowing attacks are targeting Adobe Flash and Microsoft Silverlight. The attackers use phishing emails to steal domain registrar account credentials and set up tens of thousands of short-lived sub-domains that redirect victims to sub-tier landing pages hosting the Angler exploit kit.
Uber Breach could affect the Data of 50K Drivers by Dara Kerr, CNET
Uber announced on February 27 that one of its databases was breached, putting up to 50,000 former and current Uber drivers’ personal information at risk. The database contained the names and driver’s license numbers of Uber drivers across multiple states. The breach was first discovered on September 17, 2014, but was believed to be a one-time incident that took place on May 13, 2014.
D-Link Issues Firmware Updates to Address Router Vulnerabilities by Adam Greenberg, SC Magazine
D-Link is releasing firmware updates for a number of its routers to address vulnerabilities that can be exploited to load malicious code, permit command injection and disclose information about device configuration to attackers. The affected products are DIR-626L, DIR-636L, DIR-808L, DIR-810L, DIR-820L, DIR-826L, DIR-830L and DIR-836L.
ICYMI Threat Geek Post of the Week: Ahhh … FREAK - Out! by David Gilbert