Blog Archives

Most Chipotle restaurants hacked with credit card stealing malware

The company first acknowledged the breach on April 25. But a blog post on Friday revealed the kind of malware used in the attack and the restaurants that were affected.

The list of attacked locations is extensive and includes many major U.S. cities. When CNNMoney asked the company Sunday about the scale of the attack, spokesman Chris Arnold said that “most, but not all restaurants may have been involved.”

Chipotle (CMG) said in its blog post that it worked with law enforcement officials and cybersecurity firms on an investigation.

The breaches happened between March 24 and April 18. The malware worked by infecting cash registers and capturing information stored on the magnetic stripe on credit cards, called “track data.” Chipotle said track data sometimes includes the cardholder’s name, card number, expiration date and internal verification code.

The company said there is “no indication” that other personal information was stolen.

“During the investigation we removed the malware, and we continue to work with cyber security firms to evaluate ways to enhance our security measures,” the blog post reads.

A list of the restaurants and times they were affected can be found on Chipotle’s website.

The company recommended that customers scan their credit card statements for potentially fraudulent purchases. It also said victims should contact the Federal Trade Commission, the attorney general in their home states or their local police department.

Microsoft’s Tough Friday: Software giant battles hackers, malware, and a cloud outage

While workers at many companies were ending their work week Friday, Microsoft techs were scrambling to put out operational fires.

Late on Friday afternoon, Microsoft discovered that its worldwide Azure cloud service had gone offline when an expired security certificate prevented users from accessing the network.

Meanwhile, the company also discovered that a malware infection already discovered on internal computers at Facebook, Apple, and Twitter had crept into its in-house systems, too.

Azure fails

All encrypted traffic on Azure was disrupted when an SSL certificate expired, Microsoft explained at a company website. Unencrypted traffic was unaffected by the certificate snafu, the company added.


Service was almost totally restored by Saturday morning.

While the outage caused lots of grumbling on Microsoft’s online forums, contributor Brian Reischl accepted the mishap with a wry sense of humor.

“Might want to fix that, ASAP,” he wrote after a “certificate expired” message appeared on his computer screen. “It also wouldn’t hurt to put a sticky note on someone’s monitor so they remember to update that before it expires next time.”

Outages aren’t new to Azure users. A year ago, the system went down. A certificate was the root cause of that outage, too. In addition, Western European users lost service due to a configuration issue in July 2012.

World’s largest oil producer: 30K workstations fell victim to cyber attack

It’s nearly a plot line from the movies: the world’s largest oil producer gets hit by a cyber-attack that threatens to wipe away all data from its internal computers. But that is largely the situation Saudi Aramco described today.

The Saudi Arabia-based industry leader released a statement confirming that roughly 30,000 workstations were affected by a cyber attack in mid-August. Details beyond that were scarce—Saudi Aramco said the virus “originated from external sources” and that its investigation into it was ongoing. There was no mention of whether this was related to this month’s Shamoon attacks.

The company said it cleansed its workstations and resumed operations for its internal network today. It also added that oil exploration and production were unaffected because those networks were separate systems. Reuters attempted to reach out to the company further but saw its e-mails bounce back. The news outlet also noticed that one of the company’s sites taken down by the attacks remained non-operational (aramaco.com).

The mid-August attack on Saudi Aramco came during the same week in which security researchers identified the Shamoon attacks mentioned above. Researchers saw those as a copycat of a malware known as Wiper, which reportedly attacked Iran’s oil ministry in April. Researchers were reluctant to name targets of the Shamoon attacks at that time, however.

Massive ‘Flame’ Malware Stealing Data Across Middle East

By Chloe Albanesius

Researchers at Kaspersky Lab have uncovered a massive cyber threat, dubbed Flame, that is targeting “sensitive” information across the Middle East.

The malware, Kaspersky said, “might be the most sophisticated cyber weapon yet unleashed.”

Once deployed, Flame can sniff network traffic, take screenshots, record audio conversations, intercept keyboard input, and more, Kaspersky said. All of this data is then available via Flame’s command-and-control servers.

Iran has thus far been hardest hit by Flame, with at least 189 infections. Israel/Palestine came in second with 98, followed by Sudan (32), Syria (30), Lebanon (18), Saudi Arabia (10), and Egypt (5).

Kaspersky has not identified any specific organization that Flame is targeting. “From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence – emails, documents, messages, discussions inside sensitive locations, pretty much everything,” Kaspersky’s Alexander Gostev wrote in a blog post. “We have not seen any specific signs indicating a particular target such as the energy industry – making us believe it’s a complete attack toolkit designed for general cyber-espionage purposes.”

Facebook Enlists InfoSec Mavens for Big Malware Vaccination

Constant hammering by hackers and mutilation by malware have motivated Facebook to enact new security measures.

It’s now incorporating the malicious URL databases from Microsoft (Nasdaq: MSFT), McAfee, Trend Micro (Nasdaq: TMIC), Sophos and Symantec (Nasdaq: SYMC) into its URL blacklist system, which scans trillions of clicks a day.

The social networking giant has also launched an antivirus marketplace from which users can download full versions of these companies’ AV offerings at no charge.

“The vendors mentioned represent a substantial portion of the installed antimalware base,” Aryeh Goretsky, a Distinguished Researcher at ESET, told TechNewsWorld.

“We are actively looking for new partners and are continually looking to expand our URL database,” Facebook spokesperson Johanna Peace told TechNewsWorld.

Infected Computers to Lose Web Access When FBI Band-Aid Falls Off

Come July 9, about 350,000 computers in the United States alone may lose access to the Internet because they had previously been infected with DNSChanger malware.

The malware stealthily redirected victims accessing various websites to rogue servers controlled by a cybercriminal ring.

Six of the seven alleged cybercrooks were arrested in November as part of a two-year operation by the United States FBI and foreign law enforcement agencies. They have been charged in a New York court.

The FBI then obtained a court order authorizing the Internet Systems Consortium to deploy and maintain clean DNS servers until July 9.

It also took other actions, including setting up a page you can use to see whether your DNS address is among those affected.

Owners of computers at risk are mainly responsible for fixing the problem because “if a business or consumer doesn’t know there’s a problem, it’s a symptom of ignorance, and fixing the problem for them this time does nothing to address the long-term problem of failing to learn to use a computer securely,” Randy Abrams, an independent security consultant, told TechNewsWorld.