Noodles & Company Confirm Credit Card Hack

This week we hear about how Noodles & Company Confirm Credit Card Hack and how Facebook Malware Affects Thousands in Two Days.

Breach

Noodles & Company Confirm Credit Card Hack

The fast-casual restaurant chain, Noodles & Company, was affected by a security incident that affected customers who used debit or credit cards at some of their locations. It was confirmed that malicious software on retail point-of-sale systems to read account data off a credit or debit card’s magnetic stripe in real-time as customers were swiping them at the restaurant. Additional information believed to be stolen include the cardholder’s name, expiration date, and internal verification code.

References: Noodles & Company Probes Breach Claims | Noodles & Company Payment Data May Have Been Hacked | Hard Rock Las Vegas, Noodle and Co. Confirm Hacks

Mitigation Strategies:

Malware

Facebook Malware Affects Thousands in Two Days

Facebook users have been tricked into installing a malware that mimicked Facebook’s notification feature inside Facebook Messenger. It has been reported that in just two days, 10,000 users were affected. Victims received a message “from a friend,” that stated the friend mentioned them on Facebook along with a link. The link didn’t take you to a Facebook post, but it did install a trojan that allowed the victim’s Facebook account to get hijacked. A successful attack gave the hacker the ability to change privacy settings, mine data, and spread the infection through the victim’s Facebook friends.

Facebook has taken steps to slow the spreading on the malware.

References: Facebook comment tag malware scam targets Chrome users | First truly successful Facebook Messenger malware bot has been identified | Facebook malware infects 10,000 users in two days

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • Web filtration to prevent users from clicking on malicious websites
  • Mail filtration would scan incoming files and hyperlinks of any malicious links or code 

Top 20 IP Addresses

46.109.168.179 188.118.2.26
81.183.56.217 118.170.130.207
93.174.93.94 94.242.255.196
51.255.172.55 185.50.196.125
116.31.116.45 116.31.116.48
114.44.192.128 103.15.246.29
153.142.6.53 87.222.67.194
221.194.44.218 69.195.129.70
94.242.255.51 94.102.49.174
220.181.167.188 121.18.238.32

*IP addresses provided by Recorded Future.