Donald Hoxhaj

https://thehackernews.com/2017/09/amazon-whole-foods.html

Amazon’s Whole Foods Market Suffers Credit Card Breach In Some Stores

This article talks about the following: Whole Foods Market was acquired by Amazon for 13.7 billion in late August, Whole Foods Market was become a victim of credit card security breach, hacker were able to gain unauthorized access to credit card information for its customers who made purchases at certain venues like taproom and full table series restaurant located within some stores, company has not disclosed details about the total number of stores that were targeted and total number of customers affected by the breach, company did mention that the hacker targeted their point of sale terminals in attempt to steal customer data including credit details, Whole Foods market has hired cybersecurity firm to help with the investigation of the credit card breach and contacted law enforcement authorities of this incident, finally Whole Foods Market is the latest victim of the high-profile cyber-attacks earlier this month Global Tax and Deloitte suffered a cyber-attack.

It will be interesting to see how things unfold in the future. It seems like there is a cyber-attack almost every day but we do not see much action from the government or big organization. Is there a way to minimize or fully eliminate the risk of data breach?

https://thehackernews.com/2017/09/macos-high-sierra-keychain.html

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

This article talks about the following: Apple rolled out a new version of its macOS operation system and a few hours before a hack publicly disclosed the details of critical vulnerability that affects Sierra as well as all earlier versions of macOS, Patrick Wardle the hacker found a critical zero-day vulnerability in macOS that allows any installed application to steal usernames and plaintext password of online accounts stored in the macOS Keychain, macOS Keychain is a build-in password management system that allows users to securely store username and passwords for online application, servers, websites, and credit card information, there is a flaw where malicious non-privileged code in app could programmatically access the Keychain and dump all this data including your plain text passwords, finally Patrick Wardle has release a proof of concept video that demonstrated how the hack can be used to exhilarate every single plaintext password from Keychain.

If you interested on the video -> https://vimeo.com/235313957

https://www.technewsworld.com/story/84838.html

Behind-the-Scenes Cryptocurrency Mining Discovered on Showtime Sites

This article talks about the following: Showtime is a premium television network that operates under CBS, Showtime networks has mined the websites of online viewers using the same Coinhive technology that the pirate bay recently used in test run site, Coinhive JavaScript miner was being used to hijack the CPU of site visitors, Showtime was mining the emerging cryptocurrency Monero, it is unclear whether ShowTime was aware or involved in planting the Coinhive mining technology into its source code, in addition source code found on the site appeared to be lined to the web analytics firm New Relic, the JavaScript miner targets compromised websites and uses social engineering to lures and make users pay for illegitimate tech support, cryptocurrencies like Bitcoin, Monero, and LiteCoin are operating in a kind of wild west environment where the rules are still not quite settled, and finally companies like Showtime and Pirate Bay are seeing what they can get away with.

It will be interesting to see how things unfold in the future. Most importantly, what the future holds for cryptocurrencies, will they continue to go up? Also, once they do will they be regulated by the government? Finally, will cryptocurrencies start to compete with the big banks?