Endpoint

1/19/2018
02:28 PM
50%
50%

Up to 40K Affected in Credit Card Breach at OnePlus

The smartphone manufacturer has sent an email to anyone who may have been affected in the breach.

Chinese smartphone manufacturer OnePlus has reported a credit card breach affecting up to 40,000 users at oneplus.net. Users who entered their credit card data on the website between mid-November 2017 and January 11, 2018 could be at risk.

Over the weekend of Jan. 13, OnePlus customers reported unknown credit card transactions appearing on their accounts following purchases from oneplus.net. The company began an investigation and learned one of its systems was attacked. A malicious script was injected into the payment page code to discover credit card information as it was being entered.

The malicious script has been eliminated, the infected server quarantined, and all relevant system structures reinforced. Users who paid using a saved credit card, the "Credit Card via PayPal" option, or PayPal should not be affected, OnePlus reports.

"This breach should be a reminder that HTTPS, while encrypted, is not a guarantee of a secure transaction as attackers can compromise the systems at both ends of any encrypted conversation," says Chris Morales, head of security analytics at Vectra.

Read more details here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/22/2018 | 10:24:40 PM
Re: Chase Bank
@REISEN: Same here, the other day.

I'm not even a Chase customer. So extra #FAIL on that one.

But, then again, they do deal in volume.

 
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/19/2018 | 3:10:11 PM
Chase Bank
Just received a suspect email regarding insufficient funds in my chase account.  Oh, click on this link to verify.  I AM NOT DUMB so checked the account NORMAL method and funds there,  nobody hacked - so if you have a breach it comes often from some dumb user clicking on a bad link and off to hell the game goes. 
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-13435
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest w...
CVE-2018-13446
PUBLISHED: 2018-08-16
** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. ...
CVE-2018-14567
PUBLISHED: 2018-08-16
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVE-2018-15122
PUBLISHED: 2018-08-16
An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource.
CVE-2018-11509
PUBLISHED: 2018-08-16
ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell.