Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: New information released on the Hyatt data breach shows that 250 hotels worldwide and 100 US hotels were infected with point-of-sale malware from July all the way to December 2015. Updates on the Mac Gatekeeper vulnerability show that it is still an ongoing threat to Macs because of how easy the workaround is. An EU court ruling declared that employees' private messages can be accessed and read by the employer completely legally. Lastly, a blog post by Brian Krebs illustrates the threat that ransomware poses to cloud services and to those who keep all their information in the cloud.
Hyatt said Thursday that it found malicious software in about 250 of its hotels that may have exposed customers’ credit- and debit-card numbers and other information to hackers. It’s the first time the hotel operator has listed the hotels affected since it announced it found malware at its hotels in December. Hyatt said the malware was found at many of its brands, including the Park Hyatt, Hyatt Regency and Andaz. About 100 of the hotels affected were in the U.S. The rest were abroad in cities including London, Paris and Shanghai.
In September, Ars reported a drop-dead simple exploit that completely bypassed an OS X security feature known as Gatekeeper. Apple shipped a fix, but now the security researcher who discovered the original vulnerability said he found an equally obvious work-around. Patrick Wardle said the security fix consisted of blacklisting a small number of known files he privately reported to Apple that could be repackaged to install malicious software on Macs, even when Gatekeeper is set to its most restrictive setting. Wardle was able to revive his attack with little effort by finding a new Apple trusted file that hadn’t been blocked by the Apple update.
Employers in the European Union can read employees’ private messages sent via online chat and webmail accounts during working hours, EU judges have ruled. The European Court of Human Rights (ECHR) said that a Romanian employer firm that read a worker’s Yahoo Messenger chats sent while he was at work was within its rights. According to the BBC, the employee, an engineer, “had hoped the court would rule that his employer had breached his right to confidential correspondence when it accessed his messages and subsequently sacked him in 2007.”
Ransomware — malicious software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin — has emerged as a potent and increasingly common threat online. But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services. More importantly, the malware that scrambled their files, a strain of ransomware called TeslaCrypt, contained a coding weakness that has allowed security and antivirus firms to help victims decrypt the files without paying the ransom. Users over at the computer help forum BleepingComputer have created TeslaDecoder, which allows victims to decrypt files locked by TeslaCrypt.