Security Alerts & News
by Tymoteusz A. Góral

History
#737 Checking in with spear phishing, criminals check out with hotel credit card data
Hotel chains focus on hospitality, but their security practices have made them entirely too hospitable a target for data theft. Hotels have been brutalized over the past year by a wave of point-of-sale system breaches that have exposed hundreds of thousands of guests' credit card accounts. And those attacks, as a recent episode described by Panda Security's Luis Corrons demonstrates, have become increasingly targeted—in some cases using "spear-phishing" e-mails and malware crafted specifically for the target to gain access to hotels' networks.

In one incident that was uncovered recently, the target "was a small luxury hotel chain," Corrons told Ars. "We discovered the attack, and it was really customized for the specific hotel. This was 100 percent tailored to the specific target."

The attackers used a Word document from the hotel itself—one frequently used by the hotel to allow customers to authorize credit card charges in advance of a stay. The document was actually enclosed as part of a self-extracting file, which also installed two other files on the target machine—one of them an installer for backdoor malware named "adobeUpd.dll" to disguise it and the other a Windows .cmd batch script that both opens the Word document and launches the backdoor.
Read more
#749 Attackers targeting critical SAP flaw since 2013
#748 Viking horde malware co-ops Android devices for ad fraud
#747 Microsoft zero-day exposes 100 companies to PoS attack
#746 Malware parasites feed on PerezHilton.com gossip fans
#745 Wendy’s: Credit cards breach affected 5% of restaurants
#744 Mozilla launches Test Pilot, a Firefox add-on for trying experimental new features
#743 Backdoor as a software suite: How TinyLoader distributes and upgrades PoS threats (PDF)
#742 Microsoft Patch Tuesday 2016-05-10
#741 Software security suffers as startups lose access to Google’s virus data
#740 Adobe warns of Flash zero-day, patches Acrobat
#739 Microsoft patches JScript, VBScript flaw under attack
#738 Internet Explorer zero-day exploit used in targeted attacks in South Korea
#737 Checking in with spear phishing, criminals check out with hotel credit card data
#736 IBM’s Watson supercomputer takes on security
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12