There are reports that fast-food chain Wendy’s has been hacked. Wendy’s spokesman Bob Bertini has stated that they are investigating reports of unusual payment card activities used at some of their locations. “We have been working with our payment industry contacts since recently learning of these reports and we have launched a comprehensive investigation with the help of cybersecurity experts to gather facts, while working to protect our customers,” he said in an email.
The real story here is with Wendy’s swiping terminals. Mastercard, Visa and American Express along with other card providers have been pushing US merchants to change their swipe terminals to the new EMV chip terminals by October 31 of last year. Merchants that are not compliant face much higher liability risk if they suffer a data breach. If it turns out Wendy’s was indeed breached, this will be the first time the new liability processes will be tested in a large scale.
Fortinet has acknowledged that an SSH backdoor detected in some of its products exists in some of the company’s new products as well. The accounts with a hardcoded password are “remote management” features, according to Fortinet.
This vulnerability has been heavily probed and it needs to be addressed as soon as possible. An exploit is trivial if the attacker is able to connect to a vulnerable firewall.
As some of you know, web browser vendors are slowly moving away from supporting web browser plugins, eliminating the ability to embed Flash, Silverlight, Java and other plugin based technologies. This is a very good thing for all of us. Plugins such as Flash Player and Java account for the vast majority of drive by infections because of all the programming errors that exist within the code base.
Oracle has stated that it is finally migrating away from browser plugins for Java and moving developers to their new Java Web Start technology. Unless you need Java for specific applications, it should be removed from all machines.
Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.
Early Access releases of JDK 9 are available for download and testing at https://jdk9.java.net/. More background and information about different migration options can be found in this short whitepaper from Oracle.
https://blogs.oracle.com/java-platform-group/entry/moving_to_a_plugin_free
Organizations heavily invested in the Microsoft ecosystem face an interesting decision when selecting endpoint protection.…
Choosing the right endpoint security solution can make the difference between stopping a breach early…
Cyber threats have become so sophisticated that detecting them requires more than just installing antivirus…
Modern organizations face relentless cyber threats from multiple directions—ransomware gangs, nation-state actors, insider threats, and…
You've invested significantly in security tools over the years. Firewalls, endpoint protection, email security, network…
Cybersecurity teams face an overwhelming challenge: how do you spot a genuine threat when your…