Friday , May 9 2025

Payments Giant NCR Hit by Ransomware

US payments giant NCR confirmed over the weekend that a data center outage is the result of a ransomware attack. A well-known ransomware group has taken credit for the attack.

NCR first reported investigating an “issue” related to its Aloha restaurant point-of-sale (PoS) product on April 12. On April 15, the company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center.

Microsoft Patches Four Critical Azure and Power Apps Vulns

Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power...
Read More
Microsoft Patches Four Critical Azure and Power Apps Vulns

Qilin Ransomware topped April 2025 with 45+ data leak disclosures

The cyber threat landscape is rapidly changing, with a notable increase in ransomware activity in April 2025, driven by the...
Read More
Qilin Ransomware topped April 2025 with 45+ data leak disclosures

SonicWall Patches 3 Flaws in SMA 100 Devices

SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code...
Read More
SonicWall Patches 3 Flaws in SMA 100 Devices

Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed

From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors,...
Read More
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed

Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA

Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs)....
Read More
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA

CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day

Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization...
Read More
CVE-2025-29824  Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day

Hacker exploited Samsung MagicINFO 9 Server RCE flaw

Hackers are exploiting an unauthenticated remote code execution vulnerability in the Samsung MagicINFO 9 Server to take control of devices...
Read More
Hacker exploited Samsung MagicINFO 9 Server RCE flaw

CISA adds Langflow flaw to its KEV catalog

CISA added the Langflow vulnerability, CVE-2025-3248 (CVSS score 9.8), to its Known Exploited Vulnerabilities catalog. Langflow is a popular tool...
Read More
CISA adds Langflow flaw to its KEV catalog

Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS...
Read More
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition

The Cyber Security Club, representing the Department of Computer Science and Engineering at the University of Asia Pacific (UAP), has...
Read More
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition

“On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said.

The company has been working to restore affected services, but said that impacted restaurants should still be able to serve customers, with only specific functionality being impacted.

Cybersecurity researcher Dominic Alvieri noticed on April 15 that the ransomware group known as BlackCat, Alphv and Noberus took credit for the attack on its Tor-based leak website, but the post was quickly removed by the hackers.

In the now-removed post, the cybercriminals said they were contacted by NCR representatives who wanted to find out what type of data had been stolen from their systems. The hackers claimed they did not steal any actual NCR data, but they did obtain “a lot of credentials” that can be used to access NCR customer networks.

The removal of the post naming NCR from BlackCat’s leak website suggests that negotiations have started and the cybercriminals are hoping to get paid.

SecurityWeek has reached out to the company to find out if it plans on paying a ransom.

The BlackCat ransomware has been around since at least November 2021 and its leak website currently lists more than 300 victims. The group has been known to target industrial companies.

Mandiant warned recently that the hackers have been exploiting vulnerabilities in a Veritas data backup product for initial access.

UPDATE: NCR has not responded to questions regarding potential information compromise or the payment of a ransom, but it did tell SecurityWeek the following:

“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.

While in-restaurant purchases and transactions continue to operate, affected customers have reduced capabilities on specific Aloha cloud-based and Counterpoint functionality that has impacted their ability to manage restaurant administrative functions. NCR is conducting concurrent efforts to establish alternative functionality for customers, fully restore impacted data and applications, and to enhance its cyber security protections.

Check Also

Quantum Computing Village

India Launches First Quantum Computing Village in Amaravati

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing …

Leave a Reply

Your email address will not be published. Required fields are marked *