10Fold – Security Never Sleeps – 39

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Twelve Chicago area restaurants have been comprised by a malicious program installed on their payment processing devices. The security firm responsible for finding the ‘cesspit’ vulnerability on eBay’s global sales platform has released a statement saying eBay has yet to fix this vulnerability and makes no plan to in the near future. Melbourn Health Center is still struggling with the QBot that infiltrated the pathology department and drown the system forcing staff to do all processes manually. Lastly, a Forbes insider interview takes a look a what is happening to cybersecurity firm Norse.

12 Chicago Area Restaurants Affected by Massive Credit Card Data Breach – Publication: NBC – Reporter name: Staff

Secure credit card information was compromised at a dozen Chicago area restaurant locations during a massive data breach at Landry’s restaurants and Golden Nugget Casinos nationwide. Findings showed that hackers were able to install a program on payment card processing devices at certain restaurants, food and beverage outlets, spas, entertainment destinations, and managed properties.


Update: eBay ‘cesspit’ has ‘no plans’ to fix severe vulnerability – Publication: SC Magazine – Reporter name: Max Metzger

eBay will apparently not be fixing a ‘severe vulnerability’ on the company’s global sales platform. Check Point Software’s research team apparently disclosed details of just such a vulnerability in mid-December last year.  This ‘severe vulnerability’ allows the bypass of the global bidding platform’s code validation, from which point, any wilful attacker can manipulate the vulnerable code remotely and release malicious javascript code on users. If the vulnerability is left unpatched, Check Point told press in a statement “eBay’s customers will continue to be exposed to potential phishing attacks and data theft.”


Melbourne Health still grappling with Qbot malware – Publication: IT News – Reporter name: Allie Coyne

Melbourne Health is still working to contain a dangerous strain of malware that attacked its systems more than two weeks ago due to the virus’ ability to mutate and hide itself from discovery. On January 18 the health network revealed malicious software had infected Windows XP computers through Royal Melbourne Hospital’s pathology department. The malware downed the hospital’s pathology systems and forced staff into manual workarounds.


Norse Founder Doesn’t Know Whether His Cybersecurity Business Is Still Alive – Publication: Forbes – Reporter name: Thomas Fox-Brewster

The company website is down and a report claiming the firm is imploding might well have hammered down the final nail in the coffin for an information security startup that appeared to be on the up with more than $40 million in VC investment to date. Such is the chaos at Norse, even co-founder and current CTO Tommy Stiansen is in the dark, telling FORBES today he didn’t know whether the firm he set up in 2011 would continue to operate. When asked if the company was still alive, Stiansen responded: “I currently don’t have any view over what’s going on… I haven’t heard anything.”