It’s another day and another hacked company! Whole Foods announced recently that hackers obtained access to its network and were able to steal credit card information from its customers. While it claims that its primary systems for taking credit card payments were not impacted, it reports that the taprooms, restaurants, and other in-store service systems use a different credit card processing system, and these were the ones that were infiltrated.

Whole Foods, which was recently purchased by Amazon, did not release the scope of the impact nor which facilities were at risk. It has hired a leading cyber security firm and is investigating.

#hacking #security #WholeFoods

http://abc7.com/2468228/


Apple’s keychain is used to store passwords and secure information in an encrypted format, making it a little easier for “us the users” to access all the many sites and systems we use daily. Well, an ex-NSA analyst has found a chink in that armor provided by the keychain. With an app he dubbed “keychainStealer” he was able to retrieve all the contents of the keychain without needing the master password. This disclosed Facebook, Twitter, and Bank of America passwords on the machine “attacked”.

Hilariously, he made a point of asking for his bug bounty to donate to charity in the opening of the keychainStealer app. See, even programmers have a sense of humor!

So far Apple has had no answer to this zero-day vulnerability, but we expect a patch to come pretty fast, as High Sierra is the latest and greatest from the tech giant.

#security #hacking #bug

https://www.forbes.com/sites/thomasbrewster/2017/09/25/apple-mac-os-x-high-sierra-vulnerabilit-hacker-steals-passwords/amp/

A quick alert to all our awesome readers. The mass robocalls are starting. A new fake call is coming from a scammer system claiming to be from CreditFix and “standing by to help you now!”

Also, if you don’t answer, be ready for the text messages that will come immediately after the robocall. Ignore them as well. Verifying that your phone number and info are real is just as important to the scammers as stealing from you.

DON’T BELIEVE IT! Just hang up and ignore the texts. Never say the word “yes”, and put the number on your block list.

We @xsimplr_IT will be monitoring this new scam as closely as we can and will share what we learn with you as soon as possible.

Be safe out there, friends, and never divulge info to an unsolicited caller. It’s fake 99.999% of the time.

#Equifax #scams

In another of a long list of slip-ups, Equifax has again gotten itself into a security hole. By not using its main domain and instead setting up a new domain name for its breach response, it has opened itself up to one of the oldest tricks on the internet: tricky domain names.

To prove the point, a developer simply set up another domain by swapping the first two words of the URL, and even Equifax tweeted the wrong domain out to people. Not once, not twice, but three times!

Equifax’s already weak response to protecting its clients is continuing to slide down the slope of ridiculous.

#Equifax #security #privacy #internet

http://www.kgw.com/mobile/article/news/nation-world/equifax-accidentally-sent-data-breach-victims-to-a-fake-website/477541196

With confidence in our credit reporting agencies at an all-time low, another completely avoidable hole in their security has surfaced. Experian, one of the big 3 reporting agencies, lets you remove your credit freeze with a simple tick box and a 4 digit code. How does one get that code, you may ask? Well, all you have to do is ask nicely enough and they’ll just give it to you.

With the procedures being used to validate your identity being so weak, it is definitely important for everybody to stay vigilant. Watch out for yourself out there, friends.

#experian #weaksecurity #hacking

https://boingboing.net/2017/09/21/cross-my-heart.html

iTerm2, a popular replacement terminal app for OSX, leaks everything you hover your mouse over via DNS requests. Why, you may ask? Well, in an attempt to be a “better app”, iTerm2 takes any string you place your mouse cursor over and does a DNS lookup on that text string. While it sounds like a great idea, this passes ANYTHING you hover over to DNS. That includes anything a user may have on screen, such as usernames, passwords, and other sensitive information, all going to DNS servers as a request, and typically unencrypted.

This behavior is a huge privacy issue, as many users have no idea that they are opening themselves up to yet another vulnerability, one that is super simple to intercept.

So iTerm2 users are advised to upgrade ASAP to the latest version, released today, which turns off this feature (it was on by default).

#vulnerability #hacking #apple #osx #iTerm2

https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/
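The hover-to-DNS behaviour above means hovered terminal text ends up in your resolver’s query log, which is also where a defender can spot it. This added example (not code from iTerm2 or the linked article) is a Python heuristic that scans a few constructed DNS query log lines, in an assumed “<timestamp> <client> <query_name>” format, and flags query names that look like leaked terminal text rather than real hostnames.

```python
import math
import re
from typing import List, Tuple

# Constructed sample resolver log lines (assumed format:
# "<timestamp> <client> <query_name>"); not a real capture.
SAMPLE_LOG = """\
2017-09-19T10:00:01Z 10.0.0.5 www.example.com
2017-09-19T10:00:02Z 10.0.0.5 github.com
2017-09-19T10:00:03Z 10.0.0.5 password=Tr0ub4dor&3
2017-09-19T10:00:04Z 10.0.0.5 deploy@build-server-01
2017-09-19T10:00:05Z 10.0.0.5 x9Qw7LpZ2mK4vB8nT3sR
2017-09-19T10:00:06Z 10.0.0.5 cdn.images.example.net
"""

# A valid DNS label: letters, digits, hyphens; no leading/trailing hyphen; <= 63 chars.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def classify_query(name: str) -> str:
    """Return '' for a plausible hostname, else a short reason it looks leaked."""
    labels = name.lower().rstrip(".").split(".")
    if any(not LABEL_RE.match(lbl) for lbl in labels):
        return "non-hostname characters"  # '=', '@', '&', ':' never occur in DNS names
    # Heuristic: a long, high-entropy label looks like a token or password, not a site.
    if any(len(lbl) >= 16 and shannon_entropy(lbl) > 3.8 for lbl in labels):
        return "high-entropy label (possible secret)"
    if len(labels) == 1:
        return "bare word, no domain suffix"  # a word under the cursor, not a site
    return ""

def find_leaks(log_text: str) -> List[Tuple[str, str]]:
    """Scan log lines and return (query_name, reason) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that don't match the assumed format
        reason = classify_query(parts[2])
        if reason:
            hits.append((parts[2], reason))
    return hits

if __name__ == "__main__":
    for query, reason in find_leaks(SAMPLE_LOG):
        print(f"{query!r}: {reason}")
```

The entropy threshold is a tuning knob: a single-label internal name like “localhost” is reported as a bare word, so pair this with an allow list of your own search domains before alerting on it.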

CCleaner, the Avast-owned maintenance software, was recently found to have been hijacked, with a backdoor installed into it by unknown “bad actors”. A wildly popular Windows maintenance application that has been downloaded over 2 billion times, CCleaner has been a favorite of techies and corporate types alike. Avast has acknowledged the issue and a new upgrade was released, but for many out there, who knows how much was hijacked or stolen during the months this hack was in play. TL;DR below.

#security #hacking #avast #ccleaner

https://www.forbes.com/sites/thomasbrewster/2017/09/18/ccleaner-cybersecurity-app-infected-with-backdoor/amp/

http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

https://www.wired.com/story/ccleaner-malware-supply-chain-software-security/


Security firm Armis has found a new vulnerability that takes advantage of our habit of always leaving Bluetooth on for the many devices we use daily. By constantly scanning for devices with Bluetooth on, the hack simply finds a device, connects to it, and in as little as 10 seconds takes control of it and can even steal data from it, even if it wasn’t connected to anything to begin with. Vulnerable devices range from a host of Android devices to iOS 10 iPads and iPhones. So it’s time to patch that device!

#security #hacking

http://lifehacker.com/stop-leaving-your-smartphones-bluetooth-on-1817176967

On the heels of Apple’s big “look at our new stuff” show comes the news that a flaw in iOS, dubbed Leaky and reported in February, remains unpatched by both Microsoft and Apple.

The sad part is that Microsoft doesn’t consider this flaw to be a serious issue, and Apple only said that it should be addressed in iOS 11, to the dismay of everyone who cannot upgrade to the latest version.

Technical explanation and TL;DR below.

#security #hacking #Microsoft #apple

http://www.techrepublic.com/article/ios-security-alert-your-device-is-transmitting-exchange-credentials-without-any-encryption/?ftag=COS-05-10aaa0g