Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: VTech confirms their Learning Lodge app store was breached leaving 4.8 million records compromised. Paysafe Group confirms user accounts were compromised, information for 3.6 million Neteller accounts and 4.2 million Skrill users were leaked. InfoArmor warns the current version of “Pro PoS Solution,” a point of sale malware, is actively being used in attacks in US and Canada specifically. Finally, the most hackable devices are connected devices including tablets, smart phones, and drones.
Hong Kong-based toy maker VTech confirmed that their Learning Lodge app store database had been compromised. VTech wasn’t aware the records were compromised until a reporter for Motherboard contacted them about the data on November 24. Shortly after contact was made, the company confirmed the breach, which occurred on November 14. The person responsible for the act, who shared the information with Motherboard, said they didn’t plan on doing anything with the data. The compromised database did contain 4.8 million records including names, email addresses, passwords, and home addresses. This information belongs to the parents of children who bought VTech products and needed to provide it as part of a registration process for the Learning Lodge app store.
Earlier this month, Forbes revealed two databases had been leaked from major gambling payment providers Neteller and Moneybookers (now called Skrill), affecting 4.5 million and 3.6 million customers respectively. Personal information – including answers to secret password recovery questions, addresses, telephone numbers and birth dates – were found in the databases. Unaware that hackers had made off with so much data, the owner of both Neteller and Moneybookers, Optimal Payments (now called Paysafe Group), kicked off a fresh investigation. Today, the newly-branded Paysafe Group confirmed in a London Stock Exchange announcement those figures were a little higher than the reality, saying information related to 3.6 million Neteller accounts and 4.2 million Skrill users were leaked. Both related to 2009 and 2010 attacks previously detailed by Forbes.
Cybercrooks are selling a new strain of potent Point of Sale malware through underground forums. “Pro PoS” weights in at just 76KB and packs mechanisms to frustrate antivirus analysis, as well as root-kit functionality, according to threat intelligence firm InfoArmor. Developers of the malware also integrated a polymorphic engine, so that each build has different signatures, for added stealth and as a measure designed to foil security defences. InfoArmor warns that the current version of “Pro PoS Solution” is in active use in attacks against retailers and SMBs in the US and Canada specifically. The malware was put together by eastern European coders.
There are now more than 3 billion connected devices in use by consumers, according to Gartner, and this number will increase to 4 billion next year. A big chunk of that increase will come as a result of the holiday season, when 65 percent of Americans say they plan to buy consumer electronics gifts, according to an October report by the Consumer Electronics Association. Many of these gifts are likely to be connected devices, including smart TVs, tablets, smartphones, notebooks and laptops, and video game consoles. In addition, a third of all consumers — 33 percent — plan to buy an emerging technology product this year such as as smart home devices, wearable fitness trackers, smart watches, and drones. Unfortunately, many of these devices will make homes more vulnerable to hackers.