A roundup of the top news stories in information security this week: Sonic Corp. announces a data breach impacting millions, Whole Foods suffers the latest cybersecurity attack, Oracle patches a critical Apache Struts bug, and Apple releases a highly anticipated OS with a major flaw.




DATA BREACHES

Whole Foods Suffers Data Breach Shortly After Amazon Acquisition

Whole Foods announced on Thursday that it suffered a data breach of credit card information used in taprooms and full-table service restaurants located in some of the grocery chain’s locations. An investigation has been launched into the incident, and the company is taking the “appropriate measures” to address the breach. More information will be provided once it is available.


SOLUTIONS

Artificial Intelligence May Be The Closest Silver Bullet for Businesses

As traditional firewall technology isn’t up to snuff given the evolving threat landscape, more businesses are flocking to artificial intelligence to combat malicious hackers. In a recent Q&A featured in Wired online, Darktrace CEO Nicole Eagan discusses the emergence of this technology that aims to sense bad behavior within an enterprise’s network.

 


PATCHES

Oracle Security Update Addresses Vulnerabilities in Apache Struts

The latest Oracle security update addresses flaws found in Apache Struts 2. One of the flaws, CVE-2017-9805, is deemed critical because it allows an attacker to execute malicious code remotely. The RCE vulnerability affects servers running apps built using the Struts framework and its REST communication plugin.




ARREST

SWATter Sentenced After Targeting Brian Krebs Twice

A Canadian teenager was sentenced this week after making fraudulent calls to emergency services in the U.S. and Canada that sent SWAT teams to the targets’ homes. Curtis Gervais, 19, of Ottawa, Canada, indulged in the thrill of “SWATting” three times, targeting investigative cybersecurity journalist Brian Krebs twice.

DATA BREACH

Sonic Drive-In Chain Experiences Data Breach Exposing Customer Data

Popular fast food and drive-in chain Sonic Corp. acknowledged a data breach on Wednesday that resulted in the theft of “millions” of customer credit and debit cards. A credit card processor informed the company of “unusual activity” on payment cards used at Sonic. An investigation into the incident is currently underway.


DATA BREACH

Deloitte Experiences Cyber Attack Resulting in Compromised Client Credentials

Deloitte, one of the “big four” accountancy firms, experienced a targeted cyber attack that compromised the confidential emails and plans of some of its top clients. The clients have been told that their information was “impacted” by the hack, and the company has launched an internal review into the incident. According to The Guardian, the hack was discovered in March this year, but attackers may have had access to systems as early as October or November 2016.



ELECTION HACK

21 States Report Russian State-Sponsored Hackers Targeted Their Systems

The Department of Homeland Security contacted election officials in all 50 states on Friday, indicating that 21 were targeted by Russian state-sponsored cybercriminals during the 2016 presidential election campaign. Among the 21 states targeted were the swing states Florida, Ohio, and Pennsylvania. Sen. Mark Warner (D-Va.) said that “it’s unacceptable that it took almost a year after the election to notify states.”


MOBILE SECURITY

Top 21 Financial Trading Apps Feature Serious Vulnerabilities

After one security expert analyzed the top 21 financial trading apps, he discovered some serious issues that could impact users’ data. IOActive Senior Security Consultant Alejandro Hernández tested the popular apps and found that half of the applications use insecure data storage, use unchecked SSL certificates, and even send site data to logs, among other issues.


VULNERABILITIES

Apple’s High Sierra OS Release Comes With Critical Flaw

The highly anticipated release of Apple’s High Sierra was successful, but it was quickly overshadowed by a critical vulnerability discovered in the new operating system. The bug allows an attacker to dump plaintext passwords from the macOS Keychain, according to a report by Threatpost. Synack Chief Security Researcher Patrick Wardle discovered the flaw in early September and disclosed it to Apple privately.
