Thursday, April 27, 2017


CYBR650
Week-7

Possible Payment Card Breach – Chipotle
The popular restaurant Chipotle Mexican Grill with over 2000 locations has announced its payment processing system was breached. A Chipotle spokesperson said the company discovered unauthorized activity on its network. They are aggressively investigating the breach and have only provided limited information for now. Initial news shows the intruders may have accessed information from cards used at their restaurants between March 24 and April 18, 2017.
Law enforcement and cybersecurity firms have been notified, along with the company's payment processing firm. Security enhancements have been implemented, and the company believes the vulnerability has been contained. A Chipotle spokesperson stated, “Consistent with good practices, consumers should closely monitor their payment card statements … If anyone sees an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges.” (Kovacs, 2017) Several other restaurant chains have reported data breaches in just the past few months, including Shoney’s, CiCi’s, Arby’s, Wendy’s and Noodles & Company.
References

Kovacs, E. (2017, April 26). Chipotle Investigating Payment Card Breach. Retrieved from Security Week: http://www.securityweek.com/chipotle-investigating-payment-card-breach






Saturday, April 22, 2017

CYBR650-T302
Week-6



Chrome Fix Addresses Threat of Unicode Domain Spoofing

On Wednesday April 19, 2017 Google released Chrome 58 to help address 29 known vulnerabilities. One of these vulnerabilities was known as “Unicode Domain Phishing”. The issue resides in Unicode characters in hostnames through what is called Punycode. Punycode can take characters and change them in a way to allow a hacker to spoof legitimate websites for the purpose of phishing attacks.  According to the Security week article by Ionut Arghire “The issue was also demonstrated by Avanan researchers in December 2016, when they stumbled upon live phishing attacks targeting Office 365 business email users. Using Unicode characters, attackers could create a site looking like http://www.pŠ°ypal.com/, but which actually resolved to http://www.xn--pypal-4ve.com/, thus bypassing Office 365’ anti-phishing defenses, the researchers explained.” (Arghire, 2017) 



References



Arghire, I. (2017, April 20). Chrome Addresses Threat of Unicode Domain Spoofing. Retrieved from Security Week: http://www.securityweek.com/chrome-addresses-threat-unicode-domain-spoofing









Sunday, April 16, 2017

CYBR650-T302
Week 5


Magento Flaw Exposes Vulnerability for Online Stores


Magento is an e-commerce platform that is vulnerable to hackers. It is used by more than 250,000 vendors worldwide, including Burger King and Coca-Cola. The vulnerability was found in November by the company DefenseCode. When DefenseCode notified Magento, it was told that Magento was aware of the issue but had not yet addressed it. After several attempts to get a status update on the potentially serious issue from Magento failed, DefenseCode went public with its findings.

A new feature that allows users to add Vimeo video content to existing products can leave the system open to an attack. According to the article by Eduard Kovacs, “This request method can be changed from POST to GET, allowing an attacker to launch a cross-site request forgery (CSRF) attack and upload an arbitrary file. While invalid image files are not allowed, the file is still saved on the server before it is validated.” (Kovacs, 2017) Researchers have determined that if the attacker is successful, they can gain complete control of the targeted system.
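The two weaknesses in that quote, a state-changing request that also works as GET and a file written to disk before it is checked, have a standard hardened counterpart. The sketch below is an added example, not Magento's code; the handler name, its parameters and the accepted image types are assumptions chosen for illustration.

```python
import hmac
import os
import tempfile

# Leading bytes of the image types this hypothetical endpoint accepts.
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": ".png", b"\xff\xd8\xff": ".jpg",
               b"GIF89a": ".gif"}

def handle_preview_upload(method, session_token, form_token, body, media_dir):
    """Return (status, stored_path); nothing is written until all checks pass."""
    # 1. A state-changing action accepts POST only, so a request that another
    #    site triggers through a plain link or image tag (GET) is refused.
    if method != "POST":
        return 405, None
    # 2. Per-session anti-CSRF token, compared in constant time.
    if not form_token or not hmac.compare_digest(
            session_token.encode(), form_token.encode()):
        return 403, None
    # 3. Validate the bytes in memory BEFORE anything is saved, the reverse
    #    of the save-then-validate order described in the article.
    ext = next((e for magic, e in IMAGE_MAGIC.items()
                if body.startswith(magic)), None)
    if ext is None:
        return 415, None
    # 4. The server picks the name and extension; a client-supplied filename
    #    is never used, so a script extension cannot reach the media folder.
    fd, path = tempfile.mkstemp(suffix=ext, dir=media_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return 201, path
```

A magic-byte check is a minimum; re-encoding the image and serving the media directory with script execution disabled add further layers.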


References


Kovacs, E. (2017, April 14). Unpatched Magento Flaw Exposes Online Stores to Attacks. Retrieved from Securityweek.com: http://www.securityweek.com/unpatched-magento-flaw-exposes-online-stores-attacks






 






Thursday, April 6, 2017

CYBR650-T302
Week 4


Wi-Fi Flaws Discovered in iPhone, Nexus, and Other Smartphones

Google Project Zero researcher Gal Beniamini has discovered vulnerabilities in Broadcom’s Wi-Fi system-on-chip (SoC) that allow a hacker to hijack cell phones without any interaction from the user. Broadcom Wi-Fi chips are used in many cell phone brands, including Google’s Nexus 5, 6 and 6P, the iPhone 4 and above, and most Samsung Android smartphones.

According to Gal Beniamini, “An attacker who is in Wi-Fi range can exploit the security holes found by the Google researcher to take complete control of a vulnerable device without any user interaction.” (Kovacs, 2017) Broadcom was very responsive in fixing the issues and supplying the patches to the affected companies.

Apple has scheduled an emergency security update for the remote code execution vulnerability. Samsung has also released a maintenance update with a Google patch and security fix for the Wi-Fi vulnerability.


References



Kovacs, E. (2017, April 5). Wi-Fi Flaws Expose iPhone, Nexus Phones to Attacks. Retrieved from Security Week: http://www.securityweek.com/wi-fi-flaws-expose-iphone-nexus-phones-attacks