Hotel malware has been stealing guests’ payment card details… again, should businesses relay delay rolling out vulnerability patches, and Burger King’s Whopper TV ad campaign tries to take advantage of viewers’ Google Home devices with predictable results.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Paul Ducklin.
Show notes:
- InterContinental Hotels Group (IHG) Notifies Guests of Payment Card Incident at IHG-Branded Franchise Hotel Locations in the Americas Region – IHG.
- Affected hotel look-up tool – IHG.
- Been to one of these 1170 IHG hotels? Your credit card details may have been stolen by malware – Bitdefender.
- Microsoft patches Word zero-day booby-trap exploit – Naked Security.
- Microsoft zero-day vulnerability was being exploited for cyber-espionage – Graham Cluley.
- The Shadow Brokers – Wikipedia.
- Burger King’s ‘OK Google’ sad ad saga somehow gets worse – The Register.
- Burger King Connected Whopper ad – YouTube.
Smashing Security #017: 'Data breaches, zero day exploits, and toenail clippings'
Listen on Apple Podcasts | Spotify | Google Podcasts | Pocket Casts | Other... | RSS
More episodes...
This episode of Smashing Security is made possible by the generous support of Recorded Future – the real-time threat intelligence company whose patented machine learning technology continuously analyzes technical, open, and dark web sources to give organizations unmatched insight into emerging threats.
Sign up for free daily threat intelligence updates at recordedfuture.com/intel.
Thanks to Recorded Future for their support.
Hope you enjoy the show, and tell us what you think. You can follow the Smashing Security team at @SmashinSecurity on Twitter.
Remember: Subscribe on iTunes to catch all of the episodes as they go live. Thanks for listening!
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
More on this story:
http://www.usatoday.com/story/tech/news/2017/04/19/intercontinental-hotels-group-breach-holiday-inn-crowne-plaza-front-desk-malware/100652570/
One thing you didn't mention Graham was that if you use Apple Pay it generates a unique card number per transaction so even if a retailer's system is compromised then you're safe. Obviously this can't be used for deposits but it can be used for everything else.
Another option is to get a pre-paid card such as:
https://uk.virginmoney.com/virgin/prepaid-card/
Of course the "nth-complexity infinite binary loop" is a "meaningless term"
https://en.wikipedia.org/wiki/Goodtimes_virus
https://www.sophos.com/ko-kr/press-office/press-releases/1999/11/va_hoaxes.aspx
Also:
http://www.theverge.com/circuitbreaker/2017/4/20/15364960/google-home-speaker-multi-user-new-feature