This week both Starwood Hotels and Resorts and Wilderness Resorts reported breaches on their credit card payment systems. Pearson VUE claims a third party is responsible in illegally obtaining data from the Pearson Credential Manager (PCM) system which is used by networking and security giants. Dell is reported to be shipping new laptops and PCs with a vulnerability.

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 

PoS Malware

Starwood Hotels and Resorts announced that 54 of their locations were attacked by a PoS malware that compromised payment systems in sales registers including those of the gift shops and restaurants.

Why is this signficant?

  1. The attack occurred from November 2014 to June 2015.  The stolen data seems to be customer names, including credit card details. 
  2. PoS campaigns are increasingly tagging hospitality as their new target. In the past few months, also the Trump Hotel Collection and the Hilton have been included in the “been-breached” club.
  3. The cost of a breach? Stay tuned but in the meanwhile Starwood Hotels and Resorts are offering 1-year free credit monitoring service for any customers that were affected from the breach.

Read the full story on The Register

 

Wilderness Resort located in Wisconsin Dells, has also been included in the “been-breached” club. The resort reported a breach that occurred from March 9 to June 8 2015 that had stolen credit card information.  The number of guests affected has not been published.

Why is this signficant?

  1. Although the breach occurred in the Spring, the malware was discovered only on October 8.
  2. The malware has been removed, but not before affecting the resort’s reservation information, food and beverage outlets, attractions and shops on the property.
  3. Also Wilderness Resort is offering guests whom used their credit cards during the time of the breach, a free credit monitoring service for 1-year.  This 1-year credit monitoring service continues to be offered by companies to ease customers’ minds during the investigation of these PoS breaches.

Read the full story on Journal Sentinel

Breaches

Pearson VUE claims a third party has illegally accessed its Pearson Credential Manager (PCM) system.  The PCM supports certification tracking for companies such as Synantec, Cisco, F5 and many others. 

Why is this signficant?

  1. The information compromised is stated to be name, mailing address, email address, phone number and employee information. Pearson VUE is stating that social security numbers were not involved.
  2. Symantec is easing concerns stating that “This incident was isolated to Pearson VUE’s Credential Management System and at no point were any of Symantec’s systems or databases accessed or affected.” 
  3. Pearson VUE PCM System have been taken offline while they work with a forensics team and law enforcement to verify the extent of the malicious activity. As these types of breaches occur, it’s time that we cope with the malware and learning how to work securely even during the investigation and remediation of a threat.

Read the full story on The Register

Vulnerabilities

A vulnerability has been identified that affects new Dell laptops and PCs that leave the manufacturing plant with an open internet security window for perpetrators to access the Dell owner’s credentials.

Why is this signficant?

  1. Dell’s vulnerability is being termed Superfish 2.0, which stems from a similar vulnerability appearing in a Lenovo’s 3rd party component, which was exposed earlier this year.
  2. Vulnerabilities such as this and Superfish give a threat actor the ability to infect a device early on in the supply chain. 
  3. As consumers shop around for new laptops and PC’s this holiday season, it will be interesting to see whether this will impact Dell sales this holiday season.

Read the full story on The Register