Dickey’s Barbecue chain hacked, Barnes and Noble notifies customers and beware of this Windows Update scam.
Welcome to Cyber Security Today. It’s Friday October 16th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
A cybersecurity consultancy called Gemini Advisory says stolen payment card data from customers of Dickey’s Barbecue Pit in the United States is being offered for sale on a criminal marketplace. An analysis of the data indicates those victimized swiped their payment cards to pay for meals. I’ve warned about this before: Swiping your credit or debit card is a risky habit. Payment machines can be compromised and read those black stripes with personal information on the back. If you have a card with a special chip, insert it in the bottom of the reader. Don’t swipe. If your card doesn’t have a chip, consider changing your payment card company. The gang selling the Dickey’s data says it has a database of 3 million compromised cards. Gemini Advisory has looked at the data and says it comes from Dickey’s restaurants in 30 U. S. states, particularly California and Arizona.
American bookseller Barnes and Noble is advising customers it suffered a cyberattack last weekend. Several news outlets said customers are being sent an email that their names, email addresses, billing addresses and shipping addresses may have been copied by crooks. No payment card information was accessed. It isn’t known how many victims there were.
Police in 16 countries have arrested 20 people suspected of belonging to the QQAAZZ criminal network. This particular gang’s job was to launder millions of dollars stolen by cybercriminals from bank accounts of victims and ATMs. This was done by registering bank accounts in the names of dozens of shell companies and running the stolen money through them. For their services the gang charged a fee. The Europol police co-operative said Thursday that 40 house searches were carried out in Latvia, Bulgaria, the United Kingdom, Spain and Italy. Charges were laid against people in the U.S., Portugal, the United Kingdom and Spain.
As I’ve reported before, some email scams ask you to enable editing or macros in a word processor or spreadsheet after clicking on an attachment. Victims think that’s so the document can be read. Actually, it’s so the document can install malware. You should always have this capability turned off in your productivity suites so malware doesn’t install automatically. Scammers create messages with all sorts of excuses why you should enable editing or macros: The document was created in a different version Microsoft Office, it or it was created in Protected View or the information is sensitive. According to the ZDNet news service, there’s a new scam: The email pretends to be from Windows Update saying the Office app needs to be updated. And the way to do that is by clicking the Enable Editing button. Please don’t fall for this scam.
Finally, I’m adding a new podcast this afternoon. Called the Week in Review, a guest expert and I discuss the week’s headlines. My guest this week is Dinah Davis of Arctic Wolf Networks. Listen in after 3 pm Eastern, or over the weekend.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.