Lord & Taylor, Saks Breached; Atlanta Still Coping with Ransomware

02 Apr 2018 - Around the Web

Lord & Taylor, Saks Fifth Avenue Spill Millions of Payment Cards

High-end retailers Saks Fifth Avenue and Lord & Taylor suffered a data breach that exposed some 5 million customer payment cards, Hudson’s Bay Company, which owns both retailers, confirmed yesterday. The cards are currently for sale on a prominent forum for stolen credit cards, called Joker’s Stash, according to research published yesterday by data breach specialists from Gemini Advisory. Gemini Advisory claims that the entire Lord & Taylor payment network was compromised, whereas 83 Saks Fifth Avenue stores, mostly in New York and New Jersey, were compromised. As of now, Joker’s Stash has reportedly posted just 135,000 cards for sale, with plans to sell the rest of the five million cards in waves over the next few months, which is the normal strategy for Joker’s Stash. Gemini Advisory says that the breach began in May 2017. The breach is being linked to the Fin7 cybercrime group, which has been tied to Joker’s Stash releases in the past. Gemini Advisory and a wide variety of media outlets characterize Fin7 and Joker’s Stash as the same group, although it remains unclear whether this reflects reality. It is entirely possible that Fin7 is a supplier of stolen payment cards for Joker’s Stash.

 

City of Atlanta Still Reeling Nine Days After Ransomware Attack

Nearly nine days after the first infection, the city of Atlanta is still struggling to recover from a sweeping ransomware attack that affected an unknown number of city systems, according to Reuters. The Atlanta police department is said to have reverted to pen-and-paper record keeping in some cases, due to an inability to access certain investigative databases. The ransomware, believed to be a variant of Samas (aka SamSam), demanded $51,000 to unlock the infected machines. It is not clear what it will cost the city to recover lost data and unlock machines if it decides not to pay the ransom.

More Than 28k Django Apps Expose Private Keys

Developers are running misconfigured instances of Django, a popular Python framework, and creating vulnerable web applications as a result. More specifically, Brazilian security researcher Fabio Castro told Bleeping Computer that developers are forgetting to disable debug mode, which exposes sensitive information, including AWS tokens and database passwords, that an attacker could use to wrest control of affected applications. Castro says that Shodan searches revealed 28,165 affected applications. Victor Grevers of the GDI Foundation, who is working on informing the developers of the affected applications, told Bleeping Computer that some of these applications have already been compromised.
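One way to catch this misconfiguration before deployment is to audit the settings module statically. The following is an added example, not code from the researchers or from Django; the sample settings, the `audit_settings` helper and the name heuristic in `SENSITIVE_MARKERS` are assumptions made for illustration.

```python
import ast

# Constructed sample settings module, not taken from any real project.
SAMPLE_SETTINGS = '''
import os
DEBUG = True
SECRET_KEY = "constructed-example-key"
AWS_SECRET_ACCESS_KEY = os.environ["AWS_SECRET_ACCESS_KEY"]
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.postgresql",
        "PASSWORD": "constructed-db-password",
    }
}
'''

# Assumption: a naming heuristic for credential-like settings.
SENSITIVE_MARKERS = ("SECRET", "PASSWORD", "TOKEN", "API_KEY")

def _literal_str(node):
    """True when the value is a non-empty string literal in the source."""
    return isinstance(node, ast.Constant) and isinstance(node.value, str) and bool(node.value)

def audit_settings(source):
    """Return sorted (line, finding) pairs for risky literal settings."""
    findings = []
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if not isinstance(target, ast.Name):
                continue
            name, value = target.id, node.value
            if name == "DEBUG" and isinstance(value, ast.Constant) and value.value is True:
                findings.append((node.lineno, "DEBUG is hardcoded to True"))
            elif name == "DATABASES":
                # Walk nested dict literals looking for a literal PASSWORD entry.
                for sub in (n for n in ast.walk(value) if isinstance(n, ast.Dict)):
                    for key, val in zip(sub.keys, sub.values):
                        if isinstance(key, ast.Constant) and key.value == "PASSWORD" and _literal_str(val):
                            findings.append((val.lineno, "DATABASES password is hardcoded"))
            elif any(m in name for m in SENSITIVE_MARKERS) and _literal_str(value):
                findings.append((node.lineno, f"{name} is a hardcoded string"))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in audit_settings(SAMPLE_SETTINGS):
        print(f"line {line}: {finding}")
```

Django's own `python manage.py check --deploy` also warns when `DEBUG` is enabled, so a check like this complements rather than replaces it.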
