How much did that sandwich really cost you?
On July 4, 2017, payment kiosk vendor Avanti Markets, which installs self-service payment kiosks in corporate break rooms across America, discovered it had suffered an embarrassing security breach.
According to security journalist Brian Krebs, who first reported the news, the company's kiosks were infected with malware that stole customer data, including names, e-mail addresses and payment card account data, as well as biometric data.
Robert Brown, Director of Services, said: “Attacks like this are evidence of the diversity used by attackers to collect both company and personal data. Any device with an operating system and software needs to be updated for compliance. Devices with outdated software or missing operating system updates are much easier to exploit, and in this case it has the potential to expose millions of personal details including credit card information.”
The company has acknowledged the breach and is notifying affected customers that their data was exposed:
“On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.”
Mind the Gap!
Since the outbreaks of WannaCry, NotPetya and other threats this year, have you wondered where the gaps in your security are? It may surprise you to learn that most IT professionals have an outdated view of their own security posture.
Many believe they will never be targeted, and that is a big problem. It leads to a lack of planning for the day they are compromised, which in turn leads to extended data loss or worse: paying the ransom, and possibly paying for it with their jobs.
Uninformed or careless employees are one of the most likely causes of a cybersecurity incident, second only to malware. While malware is becoming more sophisticated, the human factor can pose an even greater danger; in particular, employee carelessness is one of the biggest chinks in corporate cybersecurity armor when it comes to targeted attacks, according to one IT security vendor's research.
While advanced attackers may use custom-made malware and high-tech techniques to plan a heist, they will most likely start with the easiest entry point: human nature.
We have chosen a few updates to prioritize this month. The recommendation is based on evidence from industry experts (including our own), anticipated business impact and the independent CVSS base score for each vulnerability. The CVSS base scores in the table below range from 0.0 to 10.0 and follow the CVSS v2 qualitative bands: 7.0-10.0 is High, 4.0-6.9 is Medium and 0.0-3.9 is Low.

|CVE ID|Vulnerability Alert|CVSS Base Score|Recommended|
|---|---|---|---|
|CVE-2017-8584|Microsoft Windows HoloLens Arbitrary Code Execution Vulnerability|10.0|YES|
|CVE-2017-8589|Microsoft Windows Search Arbitrary Code Execution Vulnerability|10.0|YES|
|CVE-2017-8588|Microsoft Windows WordPad Arbitrary Code Execution Vulnerability|9.6|YES|
|CVE-2017-8590|Microsoft Windows Common Log File System Privilege Escalation Vulnerability|9.3|YES|
|CVE-2017-0243|Microsoft Office Remote Code Execution Vulnerability|7.8|YES|
|CVE-2017-8501|Microsoft Office Memory Corruption Vulnerability|7.8|YES|
|CVE-2017-8502|Microsoft Office Memory Corruption Vulnerability|7.8|YES|
|CVE-2017-8570|Microsoft Office Arbitrary Code Execution Vulnerability|7.8|YES|
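Knowing which of this month's prioritized CVEs are still open on a given Windows host is the practical question behind the table. The following PowerShell script is an added example written for this newsletter, not Syxsense product code; it uses the Windows Update Agent COM API (Microsoft.Update.Session), which is part of Windows, and the CveIDs property that WUA exposes on each applicable update. It assumes the host can reach its configured update source (Windows Update or WSUS), since the search is performed against that source.

```powershell
# Added example: list pending updates on this host that address the CVEs
# prioritized in the table above, via the Windows Update Agent COM API.
# Run in an elevated PowerShell session on the host being checked.

$priorityCves = @(
    'CVE-2017-8584', 'CVE-2017-8589', 'CVE-2017-8588', 'CVE-2017-8590',
    'CVE-2017-0243', 'CVE-2017-8501', 'CVE-2017-8502', 'CVE-2017-8570'
)

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()

# Only software updates that are applicable to this host and not yet installed.
# This call contacts the update source and can take a minute or more.
$result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

$missing = foreach ($update in $result.Updates) {
    # CveIDs lists the CVEs an update addresses; keep the ones we care about.
    $hits = @($update.CveIDs | Where-Object { $priorityCves -contains $_ })
    if ($hits.Count -gt 0) {
        [pscustomobject]@{
            KB       = ($update.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Title    = $update.Title
            CVEs     = $hits -join ','
            Severity = $update.MsrcSeverity
        }
    }
}

if ($missing) {
    $missing | Format-Table -AutoSize
} else {
    'No pending updates for the prioritized CVEs were offered to this host.'
}
```

Two caveats when reading the output. An empty result means the update source is not offering a fix for these CVEs to this host, which is usually because it is already installed but can also mean the host is pointed at a WSUS server that has not approved it, so confirm with Get-HotFix or your patch management console rather than treating silence as compliance. Also, cumulative updates tend to list only the CVEs new to that month, so a host that skipped July and installed a later cumulative update may show nothing here even though it is covered; checking the OS build number against the July 2017 release resolves that case.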
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.