A roundup of the top news stories in information security this week, including how Sonic Corp. announces a data breach impacting millions, Whole Foods suffers the latest cybersecurtity attack, Oracle patches a critical Apache Struts bug, and how Apple released a highly anticipated OS with a major flaw.
Whole Foods Suffers Data Breach Shortly After Amazon Acquisition
Whole Foods announced on Thursday that it suffered a data breach of credit card information used in taprooms and full-table service restaurants located in some of the grocery chain’s locations. An investigation has been launched into the incident, and the company is taking the “appropriate measures” to address the breach. More information will be provided once it is available.
Artificial Intelligence May Be The Closest Silver Bullet for Businesses
As traditional firewall technology isn’t up to snuff given the evolving threat landscape, more businesses are flocking to artificial intelligence to combat malicious hackers. In a recent Q&A featured in Wired online, Darktrace CEO Nicole Eagan discusses the emergence of this technology that aims to sense bad behavior within an enterprise’s network.
Oracle Security Update Addresses Vulnerabilities in Apache Struts
Flaws found in Apache Struts 2 have been addressed by the latest Oracle security update. One of the flaws, CVE-2017-9805, is deemed critical as it allows an attacker to execute malicious code remotely. The RCE vulnerability affects servers running apps built using the Struts framework and its REST communicating plugin.
SWATter Sentenced After Targeting Brian Krebs Twice
A Canadian teenager was sentenced this week after making fraudulent calls to emergency services in the U.S. and Canada that sends SWAT teams to the targets’ homes. Curtis Gervais, 19, of Ottawa, Canada indulged in the thrill of “SWATting” three times, targeting investigative cybersecurity journalist Brian Krebs twice.
Sonic Drive-In Chain Experiences Data Breach Exposing Customer Data
Popular fast food and drive-in chain Sonic Corp. acknowledged a data breach on Wednesday that resulted in the theft of “millions” of customer credit and debit cards. A credit card processor informed the company of “unusual activity” on payment cards used at Sonic. An investigation into the incident is currently underway.
Deloitte Experiences Cyber Attack Resulting in Compromised Client Credentials
Deloitte, one of the “big four” accountancy firms, experienced a targeted cyber attacks that compromised the confidential emails and plans of some of its top clients. The clients have been told that their information was “impacted” by the hack, and the company has launched an interview review into the incident. According to The Guardian, the hack was discovered in March this year, but attackers may have had access to systems as early as October or November 2016.
21 States Report Russian State-Sponsored Hackers Targeted Their Systems
The Department of Homeland Security contacted election officials in all 50 states on Friday, indicating that 21 were targeted by Russian state-sponsored cybercriminals during the 2016 presidential election campaign. Of the 21 states targeted by attackers were swing states Florida, Ohio, and Pennsylvania. Sen. Mark Warner (D-Va.) said that “it’s unacceptable that it took almost a year after the election to notify states.”
Top 21 Financial Trading Apps Feature Serious Vulnerabilities
After one security expert analyzed the top 21 financial trading apps, he discovered some serious issues that could impact users’ data. IOActive Senior Security Consultant Alejandro Hernández tested the popular apps and found that half of the applications use insecure data storage, use unchecked SSL certificates, and even send site data to logs, among other issues.
Apple’s High Sierra OS Release Comes With Critical Flaw
The highly-anticipated release of Apple’s High Sierra was successful, but it was quickly overshadowed by a critical vulnerability discovered in the new operating system. The critical bug allows an attacker to dump plaintext passwords from the macOS Keychain, according to a report by Threatpost. Synack Chief Security Researcher Patrick Wardle discovered the flaw in early September and disclosed it to Apple privately.