Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.
In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
A Russian cybercrime group may have breached Oracle’s point-of-sale system, putting at risk a considerable amount of credit card numbers.
Initially, Oracle thought the breach was limited to a few computers and servers in its retail business but found that 700 systems were infected with malicious code, according to KrebsOnSecurity. The breach included Oracle’s MICROS division, which supports more than 330,000 cash registers globally.
The scope of the damage isn’t clear. The breach may have allowed the group to upload malware on to point-of-sales systems, according to Wired.
Oracle said it had “detected and addressed malicious code in certain legacy MICROS systems” and clarified its corporate networks and other cloud offering were not affected. All of Oracle's MICROS customers will have to change their passwords.
Keyless cars manufactured by the Volkswagen group since 1995 may be unlocked wirelessly, according to new research.
"We show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys," wrote a research team of University of Birmingham and Kasper & Oswald computer scientists. The team presented its findings at the USENIX Security Symposium in Austin, Texas, last week.
Using $40 worth of easily available radio hardware, the team intercepted the signals the driver’s key fob sends to the vehicle. Every time a driver uses a fob, the signal includes a unique vehicle specific number. By combining that vehicle-specific number with one of the four “master” crytographic keys they identified, researchers were able to unlock various makes and models.
The researchers didn’t disclose their exact technique, but did inform the VW Group, which acknowledged the vulnerabilities, according to the paper.
Australians took to Twitter to let the Australian Bureau of Statistics know about its #CensusFail, however, the source of website woes was a series of distributed denial-of-service attacks.
ABS asked its citizens to fill out Census 2016 data on Aug. 9, but participants started complaining about not being able to reach the site, slow load times and form submission problems, according to CNET.
Though early media reports said the site had been hacked, ABS later posted that “Reviews by IBM, [Australian Signals Directorate] and ABS have confirmed that this was not a hack – no Census data was compromised.”
Instead, the Census site was hit with four separate DDoS attacks, which is when multiple systems flood a target to overwhelm its systems.