10-15-2020, 06:17 AM   #3
fjtorres
Grand Sorcerer
Posts: 11,732
Karma: 128354696
Join Date: May 2009
Location: 26 kly from Sgr A*
Device: T100TA,PW2,PRS-T1,KT,FireHD 8.9,K2, PB360,BeBook One,Axim51v,TC1000
Most hacks just take data quietly.
This one crashed the entire system.
At last report (Wed Oct 14) the stores were up, Nook wasn't.
Five days and counting.

The drama went unreported by everybody but Reddit until the fourth day; make of it what you will.

Check the comments here, where a couple of people have reported suspicious activity on their B&N-linked credit cards:

https://the-digital-reader.com/2020/...n-all-of-them/

https://the-digital-reader.com/2020/...aturdays-hack/

Not something any company wants to experience, much less one as troubled as B&N, but their user side response has been...less than desirable?

Edit:

With the tech media finally noticing, details are emerging and they're not good.


ZDNET is reporting:

Quote:
“As noted by The Register, the outage also spread to physical outlets, where it appeared that some cash registers were also “briefly” unable to function.

This prompted speculation that the disruption could be due to a malware infection, as when Point-of-Sale (PoS) systems become involved, the issue may not merely be due to a backend or server glitch.”

“While the details of the cyberattack are yet to be made public, it is possible that ransomware could be at the heart of the incident. Bad Packets told BleepingComputer that the bookseller’s VPN servers were previously vulnerable to CVE-2019-11510, an arbitrary read vulnerability.

Security flaws like this can be used to compromise corporate networks and deploy payloads, including ransomware. In recent months, AG and the Duesseldorf University Hospital have experienced severe ransomware attacks.”
https://www.zdnet.com/article/barnes...r-data-breach/

The Bleeping News report is more of the same except it adds this ominous bit:
Quote:
“Unfortunately, if they did suffer a ransomware attack, it is likely that much more data was exposed than Barnes & Noble is disclosing.

When ransomware operators attack a network, they first steal unencrypted files to use as leverage to get a victim to pay the ransom. If the victim refuses to pay, the ransomware gang leaks the unencrypted data on data leak sites.

These leaked files can have personal employee information, including passports, drivers licenses, medical information, and salary.”
Quote:

Finally, cybersecurity intelligence firm Bad Packets told BleepingComputer that Barnes & Noble previously had multiple Pulse VPN servers that were vulnerable to the CVE-2019-11510 vulnerability.

This vulnerability is popular among ransomware threat actors as it allows them to gain access to user credentials stored on the VPN device.
https://www.bleepingcomputer.com/new...customer-data/

For a retailer, ransomware attacks typically target consumer data rather than doxing employers.

BTW, the cited vulnerability was reported back in April 2019, when a patch was issued.

18 months later, their systems remained unpatched.


Last edited by fjtorres; 10-15-2020 at 07:29 AM.