UPDATE: Home Depot Confirms Breach; BlackPOS Implicated

  /     /     /  
Publicated : 22/11/2024   Category : security


UPDATE: Home Depot Confirms Breach; BlackPOS Implicated


Home Depot confirms there was indeed a breach. Presence of BlackPOS hints that the perpetrators could be the same ones who breached Target.



UPDATED 5:15 p.m. ET:
Home Depot has confirmed that it did experience a data breach that affects customers who made credit card purchases at its stores in the United States and Canada; there is no evidence that customers who made purchases in Mexico or on HomeDepot.com were impacted.
The company says that there is no evidence that debit card PINs were compromised. No further details about the nature of the attack or the scope of the damage have been revealed. The investigation is ongoing, with a focus on suspicious activity beginning in April 2014.
Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on.
We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue, said Frank Blake, Home Depot chairman and CEO, in a statement. We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. Its important to emphasize that no customers will be responsible for fraudulent charges to their accounts.
Home Depot reiterated its previously announced intentions to roll out EMV Chip-and-PIN technology to its stores by the end of the year, well in advance of the October 2015 deadline established by the payments industry.
Original Text:
A new variant of the BlackPOS card-slurping point-of-sale malware was used in the
still-unconfirmed data breach at Home Depot
, sources close to the investigation
told Brian Krebs of KrebsOnSecurity
.
The presence of BlackPOS is one indicator that the culprits behind the suspected Home Depot attack might be the same people who used BlackPOS to lift 40 million payment card accounts from Target in December. Another indicator, according to Krebs, is that cards apparently stolen from Home Depot shoppers first turned up for sale on Rescator.cc, the same underground cybercrime shop that sold millions of cards stolen in the Target attack.
Trend Micro first spotted the new BlackPOS variant, TSPY_MEMLOG.A, in the wild on Aug. 22.
According to Trend Micro
, Whats interesting about TSPY_MEMLOG.A is it disguises itself as an installed service of known [anti-virus] vendor software to avoid being detected and consequently, deleted in the infected PoS systems.
The new variant also uses similar tactics to offload pilfered data. As Trend Micro reports, in the Target breach, the attackers offloaded the gathered data to a compromised server first while a different malware running on the compromised server uploaded it to the FTP. We surmise that this new BlackPOS malware uses the same exfiltration tactic.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
UPDATE: Home Depot Confirms Breach; BlackPOS Implicated