Silobreaker Daily Cyber Digest – 3 March 2016
Wendy’s Breach: The Aftermath(?)
Krebs has reported that several credit unions are experiencing an unusually high volume of debit card fraud from the Wendy’s POS breach.
One of Krebs’ sources, the CEO of the National Association of Federal Credit Unions, claims that the number of compromised accounts stemming from Wendy’s has easily eclipsed those that resulted from the Target or Home Depot breaches.
The accounts targeted and the speed at which they were drained suggest that this breach is the work of an experienced group. Credit card issuers are apparently having difficulty issuing new cards to customers, who return to Wendy’s and have their card details stolen again.
Operation Fingerprint is a project by Malwarebytes and GeoEdge that looks at the role that fingerprinting plays in malvertising campaigns.
Fingerprinting is used by exploit kits like Angler to assess victims’ computers and make sure that they are valid targets, rather than honeypots or other research/security-based tools. This can be done via small amounts of code embedded in website ads.
The full whitepaper is available here.
RSA’s Flawed Android App
Apparently the Samsung Galaxy S4 smartphones given to exhibitors at this year’s RSA conference have a plaintext, default password embedded in their badge scanning app.
The phones are meant to run in ‘kiosk mode’, which means that only the customised badge scanning app is usable. After discovering the default password, researchers at Bluebox Security gained access to the app’s settings and put the device into developer mode, giving them full access to the phones.
The badge scanning app was developed by an unnamed third party and the flaw, while amusing, is unlikely to cause problems.
Visa Credit Card Spam Campaign
Spam campaigns that use credit card reward schemes to entrap people are hardly unique in the world of cyber crime. There is, however, a particularly nasty spam operation currently circulating that tricks individuals into downloading the TeslaCrypt ransomware.
The Silobreaker Team