FIN8 cybercrime group resurges with improved hacking tool

A financially-motivated hacking group that appeared to drop off the map a year-and-a-half ago is back with a new and improved backdoor, according to BitDefender research published Wednesday. Over the last year the criminal hacking group, known as FIN8, has primarily targeted companies in retail, technology, chemical and insurance industries with its updated point-of-sale malware, and has compromised organizations in the U.S., Canada, South Africa, Puerto Rico, Panama and Italy, according to the research. FIN8, which FireEye researchers first observed in operation in 2016, has historically targeted organizations in the retail, restaurant and hospitality industries with emails containing malicious Microsoft Word documents. The updated backdoor, known as BADHATCH, has incorporated screen capturing, proxy tunneling and fileless execution, the researchers write. The backdoor has also likely added in credential-stealing capabilities, according to the research. BitDefender does not identify which organizations have been compromised. An earlier version of BADHATCH, which researchers at […]

The post FIN8 cybercrime group resurges with improved hacking tool appeared first on CyberScoop.

Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders

Food delivery apps have taken off during the pandemic, and it looks like fraudsters have taken notice. Fraud detection company Sift said Thursday it has seen a rash of scams within the chat app Telegram that target restaurants and delivery apps for theft. It’s a low-level grift that goes like this: The fraudsters advertise in Telegram forums that they can illicitly buy food orders at steep discounts, around 60%-75% off. Diners send a direct message with a screen shot of their food app shopping cart and delivery address. The diner then pays the fraudster for the discounted meal in cryptocurrency, and the fraudster in turn covers the full cost through a new account, stolen credit card information or a hacked account. Diners get their food at a discount, restaurants are stuck with bogus payments, and the crooks get away with a profit. And all of it happens in a chat […]

The post Food-delivery fraudsters deploy hacked accounts, stolen credit card info to skim from orders appeared first on CyberScoop.

Retail and hospitality sector fixing software flaws at a faster rate than others

The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a Veracode analysis of more than 130,000 applications reveals. The ability to find and fix potential security defects quickly is a necessity, particula…

Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data

Sabre Corp. will make a $2.4 million payout and shore up its cybersecurity policies under an agreement with 27 state attorneys general who investigated a breach of its hotel-booking technology. The settlement, announced Wednesday, involves a 2016 intrusion into the SynXis Central Reservation, run by the Texas-based corporation’s Sabre Hospitality Solutions subsidiary. The breach exposed the details of about 1.3 million credit cards. The attorneys general held that Sabre responded poorly to the incident, particularly in notifying people that their information might be compromised. “Sabre first failed its customers with a susceptible security system, then failed them when it came to provide proper notifications,” said New York Attorney General Letitia James. “Today’s agreement not only imposes a hefty fine on Sabre but will ensure that the company has the appropriate security and incident response plan in place so that its failure does not take place again.” In announcing the breach […]

The post Travel-booking company Sabre Corp. settles with 27 states over breach of credit card data appeared first on CyberScoop.

Well-developed backdoor can harvest information from restaurants, bars and hotels, researchers say

Restaurants, bars and hotels are taking a big hit from the coronavirus pandemic, but they still can be inviting targets for cybercriminals. A point-of-sale system widely used in the hospitality industry to process credit card payments and other transactions — ORACLE MICROS Restaurant Enterprise Series (RES) 3700 — is vulnerable to a backdoor that allows attackers to see some of the information in the system’s databases, according to researchers at Slovakia-based cybersecurity company ESET. The researchers stress that highly sensitive pieces of information — such as credit card numbers and expiration dates – do not appear to be vulnerable to the malware, which they’re calling ModPipe. The malicious software, for now, harvests only “data stored in the clear,” ESET says, including cardholder names. But ModPipe potentially could be the conduit for more harmful malware, given that it is modular — meaning that it’s designed for attackers to swap features in and out. […]

The post Well-developed backdoor can harvest information from restaurants, bars and hotels, researchers say appeared first on CyberScoop.

Mews grabs $33M Series B to modernize hotel administration

If you think about the traditional hotel business, there hasn’t been a ton of innovation. You mostly still stand in a line to check in, and sometimes even to check out. You let the staff know about your desire for privacy with a sign on the door. Mews believes it’s time to rethink how hotels […]

More_eggs, Anyone? Threat Actor ITG08 Strikes Again

X-Force IRIS observed ITG08, which has historically targeted POS machines in the retail and hospitality sectors, injecting malicious code into online checkout pages to steal payment card data.

The post More_eggs, Anyone? Threat Actor ITG08 Strikes Again appeared first on Security Intelligence.

Marriott CEO reveals more details about the massive data breach

Last Thursday, Equifax CEO Mark Begor and Arne Sorenson, the CEO of Marriott International, appeared before a US Senate subcommittee to testify about the massive data breaches their companies have suffered. While Begor’s statement was more about …

How Alex Rombak Uses His Hospitality Background to Provide Top Tier Technical Support

Alex Rombak has heard your jokes about tech support, and he doesn’t mind. He knows the important role he plays in supply chain security, supporting financial institutions when things go wrong.

The post How Alex Rombak Uses His Hospitality Background to Provide Top Tier Technical Support appeared first on Security Intelligence.

How cybercriminals abuse the travel and hospitality industry

The travel and hospitality industry suffers billions of losses each year due to fraud. “With the right combination of other underground services (compromised accounts, credit cards, etc.) it is possible to cover almost every aspect of the holiday…