Security Bytes: Phishers exploit MasterCard breach

Elsewhere, Trojans attack Britain and security holes are found in the Opera browser, SpamAssassin.

Phishers taking advantage of MasterCard hack If you see e-mails that look like they're coming from MasterCard,

think twice before clicking the link. Phishers are trying to take advantage of people preoccupied with the recent data breach that exposed 40 million credit cards to fraud.

San Jose, Calif.-based Secure Computing Corp. said it started seeing messages like this over the weekend:

Dear User,

During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete. If the account information is not updated to current information within 5 days then, your access will be restricted. Go to this link below or copy and paste it on your addresse tool bar.

http://www.mastercard-new-register.com

***Please Do Not Reply To This E-Mail As You Will Not Receive A Response***

Thank you

Accounts Managent

MasterCard International acknowledged Friday that a security breach had exposed about 40 million payment cards of various brands to potential fraud. It's the biggest such privacy violation ever reported, and MasterCard said some amount of fraud tied to the breach had been detected. According to the Reuters news agency, MasterCard, the second-biggest credit card group behind Visa, said about 13.9 million of the payment cards at risk are MasterCard-branded cards.

"We have spotted some fraud ... but it's proportionately very small," MasterCard spokeswoman Jessica Antle told Reuters. She declined to provide monetary estimates of the extent of the fraud. Antle said credit card information with names, account numbers and expiration dates of about 70,000 MasterCard credit card holders had so far been found to have been taken out of a database system run by CardSystems Solutions Inc., which processes transactions for MasterCard, Reuters reported.

CardSystems processes more than $15 billion a year in online transactions and with credit card issuers Visa, MasterCard, American Express and Discover, according to the company's Web site. Antle told Reuters the data compromised in CardSystems' database was names, account numbers and card expiration dates, but not Social Security numbers and home addresses. Social Security numbers, dates of birth and the like are not stored on MasterCard cards, the company said.

MasterCard learned of the breach in late May and said it immediately notified its financial members so they could take measures to protect their cardholders, Reuters reported. The FBI was also informed and launched an investigation that continues, Antle said. The roughly 40 million credit cards exposed exceeds the population of California, the most populous U.S. state. There are 1.1 billion credit cards in circulation in the United States, according to the Nilson report which tracks the credit card industry.

Trojans attack British systems
British cybersecurity officials warn that the UK is under a massive Trojan attack. Britain's National Infrastructure Security Coordination Centre [NISCC] issued an advisory Thursday saying attackers are targeting government and company systems with Trojan-laden e-mails.

"The attackers' aim appears to be covert gathering and transmitting of commercially or economically valuable information," the NISCC said. "Trojans are delivered either in e-mail attachments or through links to a Web site. The e-mails employ social engineering, including use of a spoofed sender address and information relevant to the recipient's job or interests to entice them into opening the documents."

Once installed on a machine, the Trojans may be used to steal passwords, scan networks, extract information and launch further attacks, NISCC said. "Antivirus software and firewalls do not give complete protection," the advisory said. "Trojans can communicate with the attackers using common ports (e.g HTTP, DNS, SSL) and can be modified to avoid antivirus detection." NISCC recommended users protect their systems by:

  • Updating antivirus definitions to provide a base level of protection against the attacks;
  • Implementing operating system and software updates to patch the vulnerabilities exploited by these Trojans; and
  • Educating users not to open attachments from any source unless they have been through antivirus scanning and the e-mail is consistent with previous communications with the sender.

Flaws in Opera browser
Security holes in Opera could be exploited to launch cross-site scripting attacks and read local files, Danish security firm Secunia said in an advisory.

"The vulnerability is caused due to Opera not properly restricting the privileges of 'javascript:' URLs when opened in new windows or frames," Secunia said. "The vulnerability has been confirmed in version 8.0. Other versions may also be affected."

The firm recommended users upgrade to version 8.01.

Security hole in SpamAssassin
Attackers could exploit a vulnerability in SpamAssassin to cause a denial of service, the French Security Incident Response Team [FrSIRT] said in an advisory.

"This flaw occurs when processing certain long message headers, which could be exploited via messages containing specially crafted headers that will cause spam checking to take a long time," the organization said. The flaw affects Apache SpamAssassin 3.0.1, Apache SpamAssassin 3.0.2 and Apache SpamAssassin 3.0.3.

FrSIRT recommends users upgrade to Apache SpamAssassin 3.0.4.

Note: This story originally appeared on our sister site, SearchSecurity.com

Dig deeper on Enterprise information security management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close