Convenience store chain Wawa has disclosed a data breach that occurred from March 2019 to December 2019. Malware was detected and then removed from its payment processing servers by their information security team. Payment information, including credit and debit card numbers, expiration dates, and cardholder names were included in this breach. Wawa is offering one year of identity theft protection for affected cardholders.
Category: Security
Ring states that its services have not been compromised by hackers
Video camera maker Ring released a statement specifying that its customer accounts have not been compromised by hackers. A small number of Ring customers had Ring home video cameras accessed by third parties using login credentials that were previously made available in data breaches from other companies and websites. Ring recommended setting up two-factor authentication, not reusing passwords for multiple websites, and other security measures to its customers.
Microsoft releases security updates for Remote Desktop Services
Microsoft has released updates to fix a security issue for Remote Desktop Services on Windows 10, 7, and 8.1, as well as Windows Server 2008 and 2012. Windows 10 Home and Windows 10 Pro computers will be updated automatically as part of the standard Windows Update process.
Microarchitectural Data Sampling (MDS) security vulnerability in CPUs
Intel released information regarding a new set of CPU vulnerabilities called Microarchitectural Data Sampling (MDS). A list of affected Intel products may be found here.
Updates are available from major technology companies for this issue, including:
AMD states that their CPUS are not affected by this vulnerability.
Docker security incident
Docker became aware that a single Docker Hub database was unsecured on April 25th 2019. The security issue was resolved and Docker is continuing to investigate this matter. An estimated 190,000 accounts may have been affected and those passwords were reset and user tokens and access keys were revoked.
Google offers free replacement BLE Titan Security Keys for security issue
Google issued a security notice on its Bluetooth Low Energy (BLE) Titan Security Keys and is offering a free replacement for affected keys. A new key may be requested at google.com/replacemykey.
Microsoft releases Remote Desktop Services update for older Windows versions
Microsoft found a security vulnerability in Remote Desktop Services or Terminal Services for older versions of Windows and has released updates. This does not affect the Remote Desktop Protocol (RDP). The issue was logged as CVE-2019-0708.
Data breach lists and identity theft victim resources
Some of the more comprehensive lists of known data breaches include:
- USA Today list of largest data breaches and hacks
- CNN.com – biggest data breaches in history
- Bloomberg.com – worst corporate hacks list
- Wikipedia data breach list
- State of California data breaches list
Identity theft victims can receive advice from these websites:
Facebook stored millions of unencrypted user passwords on internal servers
Facebook released a notice in March 2019 stating several million user passwords were kept in a readable unencrypted format on their own internal servers. However, Facebook maintains that this data was never publicly available or misused and will notify individual users affected by this issue.
Apple disables FaceTime until security bug is fixed
Update: Apple released iOS 12.1.4 on February 7, 2019 to fix the FaceTime issue. FaceTime is now available at the Apple System Status page.
USA Today and the Washington Post have reported that some iPhone FaceTime users have been able to listen to people they are calling before the call is answered. FaceTime runs on iPhones and iPads running iOS 12.1 as well as Macs running macOS Mojave.
Apple is currently working on a fix for this security issue. FaceTime has been temporarily taken down as noted on the Apple System Status page.