Security researchers say they’ve discovered yet another strain of malware that was specifically built to infect Linux-based servers and smart Internet of Things (IoT) devices, and then abuse these systems to launch DDoS attacks. Named Kaiji, this new malware was spotted last week by a security researcher named MalwareMustDie and the team at Intezer Labs. […] More

Our team of security and risk analysts spent the past few months brainstorming and curating tactical and strategic advice designed to improve your security programs for 2020 and beyond… and then along came the COVID-19 global pandemic. In the midst of this, firms are undergoing a shuffle of priorities to accommodate a new normal, including […] More

Barnes & Noble has confirmed a cyberattack impacting Nook services and potentially exposing customer data. 

The US bookseller stocks over one million titles at any one time for distribution worldwide. As ebooks emerged as an alternative to traditional literature, in 2009, the company launched the Nook service, an ebook reader and storage platform. 
Over the weekend, as reported by Bleeping Computer, Barnes & Noble customers complained across social media of outages. Some customers were unable to access their Nook libraries, their previous purchases had vanished into thin air, others were not able to log in to the firm’s online platform, and connectivity issues between sending or loading new books ran rampant. 
See also: Today’s ‘mega’ data breaches now cost companies $392 million to recover from
As noted by The Register, the outage also spread to physical outlets, where it appeared that some cash registers were also “briefly” unable to function. 
This prompted speculation that the disruption could be due to a malware infection, as when Point-of-Sale (PoS) systems become involved, the issue may not merely be due to a backend or server glitch. 
The bookseller partially restored its systems by Tuesday, but it was not until Wednesday that Nook publicly acknowledged customer access and Nook service issues.  
Nook said at the time that a “system failure” was at fault and engineers were working hard to “get all Nook services back to full operation.”
“Unfortunately, it has taken longer than anticipated,” Nook continued. “We sincerely apologize for this inconvenience and frustration.”
Now, Barnes & Noble has confirmed to customers that cyberattackers caused the service disruption. 
In an email, the bookseller said that on October 10, Barnes & Noble was the victim of intrusion, leading to “unauthorized and unlawful access to certain Barnes & Noble corporate systems.”
Customer email addresses, billing and shipping addresses, telephone numbers, and transaction histories may have been exposed during the breach.
CNET: Microsoft takes down hacking network with potential to disrupt election
“We currently have no evidence of the exposure of any of this data, but we cannot at this stage rule out the possibility,” the company added. 
However, the bookseller emphasizes that no financial data, “encrypted and tokenized” as a security measure, was taken or available to the threat actors.
The firm has not disclosed how many customers may be impacted by the suspected data breach. Barnes & Noble warns that as email addresses have been leaked, they may be used in phishing campaigns.
TechRepublic: IoT security: University creates new labels for devices to increase awareness for consumers
While the details of the cyberattack are yet to be made public, it is possible that ransomware could be at the heart of the incident. Bad Packets told BleepingComputer that the bookseller’s VPN servers were previously vulnerable to CVE-2019-11510, an arbitrary read vulnerability.
Security flaws like this can be used to compromise corporate networks and deploy payloads, including ransomware. In recent months, AG and the Duesseldorf University Hospital have experienced severe ransomware attacks. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

After years of lying dormant, the Zeus Sphinx malware strain has been resurrected to capitalize on the coronavirus pandemic in a new wave of scams. Spam emails claiming to hold the secret to novel coronavirus cures, texts and phone calls from operators pretending to be utilities and banks impacted by the respiratory illness, and fake […] More

Is it worth giving up your privacy for? Of course it is. Burger King We’re all very particular about our privacy. Well, at least we say we are. Yet the Coronavirus crisis has forced us to examine which principles we’ll stand up for. And which principles we’ll happily give up without a qualm. In countries […] More