Cyber-Security in 120 Secs: Data Breaches & Stealthy Patches


This week, the extent of Chipotle's data breach was brought to light; Kmart's payment systems were affected by another data breach of credit/debit cards; and Microsoft patched a critical vulnerability without reporting the patch, as it is applied automatically with the latest Microsoft update.



Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

Data Breach

Nearly a month after Chipotle disclosed a data breach, the details of the point-of-sale malware attack have been posted.

Why is this significant?

  • To recap: on April 25, 2017, Chipotle confirmed a data breach that reportedly lasted from March 24 to April 18, 2017.
  • According to reports, the data breach affected 47 states, and Chipotle appears to have locations in 47 states. It is still unconfirmed whether this malware hit all Chipotle locations.
  • This type of widespread data breach, directly affecting customers, may have a negative influence on Chipotle’s brand, not to mention the negative monetary impact. Target can relate: the cost of Target’s data breach totals $202 million and has continued to accumulate 4 years later.

Read the full story in SC Magazine


2.  Sears Holdings, Kmart’s parent company, reports that yet another data breach hit Kmart stores’ payment card systems.


Why is this significant?

  • In 2014, Kmart was hit by a breach that affected its payment card systems. It was never confirmed how many were affected in 2014.
  • Once a point-of-sale system has been hit, the chances of recurring attacks are very high. This is why exfiltration prevention is key. The true objective of cybersecurity is to protect data from leaking out. It doesn’t matter how the attacker infiltrated or even when the malware initially hit; at the end of the day, what matters is keeping data safe post-infection.
  • Credit card companies sent out the alert that they were seeing stolen credit cards being used, and all had the commonality of having been used at Kmart. There are 735 Kmart stores worldwide, and it is not apparent how many stores were hit or how long the attack went undetected.

Read the full story in KrebsonSecurity



Microsoft patches a critical vulnerability without disclosing it.


Why is this significant?

  • Tavis Ormandy from Google’s Project Zero reported a vulnerability to Microsoft on May 12, and Microsoft silently patched it.
  • This vulnerability is being compared to the May 9th vulnerability that Google researchers were calling “the worst Windows vulnerability in recent memory”. However, this vulnerability looks to be a bit more difficult to exploit.
  • "MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables," Ormandy explained. "The emulator runs as NT AUTHORITY\SYSTEM and isn't sandboxed."
  • “The emulator’s job is to emulate the client’s CPU. But, oddly Microsoft has given the emulator an extra instruction that allows API calls. It’s unclear why Microsoft creates special instructions for the emulator,” Udi Yavo

Read the full story in Threatpost
