FYI...'ChewBacca' hacks targeted retailers in 11 countries: RSA
Jan 31, 2014 - "A cyber criminal ring targeting small retailers in 11 countries stole data on 49,000 payment cards using a malicious software
known as "ChewBacca" before the operation was shut down... RSA FirstWatch disclosed the attacks on Thursday on its website. It said the firm's researchers uncovered the ring, whose victims included small companies in the United States, Russia, Canada and Australia. They managed to steal details from some 24 million payment card transactions
over about two months, according to RSA... The findings from RSA show that the recent spate of attacks extend outside the United States. "The end game is to gain credit card information, so the hackers are going to go wherever it is easiest to get that information," said Will Gragido, senior manager with RSA FirstWatch, the threat research arm of RSA Security. He said his firm provided the FBI with data on the "ChewBacca" operation, including the location of a command-and-control server used by the hackers on Wednesday. That server was shut down on Thursday, according to Gragido... RSA said the hackers used a relatively new piece of malicious software known as -ChewBacca-
designed to infect computers such as the point-of-sales systems that process credit card transactions."
Jan 30, 2014
___Yahoo reports breach of some user accounts
30 Jan 2014 | 5:33 PM ET - "Yahoo reported on Thursday that some of its users' e-mail accounts may have been targeted in a security breach of a third-party database... The company notified users that may have been affected
to reset their passwords. It has also implemented a second sign-in verification to allow users to re-secure their accounts..."
Jan 30, 2014
Last Updated: 2014-01-31 00:43:22 UTC
- https://help.yahoo.com/kb/SLN2080.htmlPassword Re-Use is the Problem
Jan 31, 2014
___Hotel Franchise Firm White Lodging Investigates Breach
Jan 31, 2014 - "White Lodging, a company that maintains hotel franchises under nationwide brands including Hilton, Marriott, Sheraton and Westin appears to have suffered a data breach that exposed credit and debit card information on thousands of guests throughout much of 2013... Earlier this month, multiple sources in the banking industry began sharing data indicating that they were seeing a pattern of fraud on hundreds of cards that were all previously used at Marriott hotels from roughly March 23, 2013 on through the end of last year. But those sames sources said they were puzzled by the pattern of fraud, because it was seen only at specific Marriott hotels, including locations in Austin, Chicago Denver, Los Angeles, Louisville and Tampa. Turns out, the common thread among all of those Marriott locations is that they are managed by Merrillville, Indiana-based White Lodging Services Corporation, which bills itself as “a fully-integrated owner, developer and manager of premium brand hotels.” According to the company’s Web site, White Lodging’s property portfolio includes 168 full service hotels in 21 states, with more than 30 restaurants. White Lodging declined to offer many details, saying in an emailed statement that “an investigation is in progress, and we will provide meaningful information as soon as it becomes available.” Marriott also issued a statement, noting that “one of its franchisees has experienced unusual fraud patterns in connection with it systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels... Sources say the breach appears to have affected mainly restaurants, gift shops and other establishments within hotels managed by White Lodging — not the property management systems that run the hotel front desk computers which handle guests checking in and out. In the case of Marriott, for example, all Marriott establishments operated as a franchise must use Marriott’s property management system. As a result, the breach impacted only those Marriott guests who used their cards at White Lodging-managed gift shops and restaurants
Feb 3, 2014 - "Officials of White Lodging Services Corporation, an independent hotel management company, announce the suspected breach of point of sales systems from the period March 20 - December 16, 2013 at food and beverage outlets
, such as restaurants and lounges, at 14 properties..."