Sunday , June 15 2025

Payments Giant NCR Hit by Ransomware

US payments giant NCR confirmed over the weekend that a data center outage is the result of a ransomware attack. A well-known ransomware group has taken credit for the attack.

NCR first reported investigating an “issue” related to its Aloha restaurant point-of-sale (PoS) product on April 12. On April 15, the company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center.

Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems

WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...
Read More
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems

Paraguay 7.4 Million Citizen Records Leaked on Dark Web

Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...
Read More
Paraguay 7.4 Million Citizen Records Leaked on Dark Web

High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...
Read More
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

SoftBank: Over 137,000 personal info leaked

SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...
Read More
SoftBank: Over 137,000 personal info leaked

Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...
Read More
Alert  Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported several ways to exploit it...
Read More
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

On Tuesday, Adobe released security updates for 254 vulnerabilities in its software, mainly affecting Experience Manager (AEM). There are 254...
Read More
Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

Alert
40,000 + live internet cameras exposed globally !

A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world are exposed, broadcasting live footage...
Read More
Alert  40,000 + live internet cameras exposed globally !

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

Microsoft's June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One of these flaws was actively...
Read More
Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

84,000+ Roundcube instances vulnerable to actively exploited flaw

More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that...
Read More
84,000+ Roundcube instances vulnerable to actively exploited flaw

“On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said.

The company has been working to restore affected services, but said that impacted restaurants should still be able to serve customers, with only specific functionality being impacted.

Cybersecurity researcher Dominic Alvieri noticed on April 15 that the ransomware group known as BlackCat, Alphv and Noberus took credit for the attack on its Tor-based leak website, but the post was quickly removed by the hackers.

In the now-removed post, the cybercriminals said they were contacted by NCR representatives who wanted to find out what type of data had been stolen from their systems. The hackers claimed they did not steal any actual NCR data, but they did obtain “a lot of credentials” that can be used to access NCR customer networks.

The removal of the post naming NCR from BlackCat’s leak website suggests that negotiations have started and the cybercriminals are hoping to get paid.

SecurityWeek has reached out to the company to find out if it plans on paying a ransom.

The BlackCat ransomware has been around since at least November 2021 and its leak website currently lists more than 300 victims. The group has been known to target industrial companies.

Mandiant warned recently that the hackers have been exploiting vulnerabilities in a Veritas data backup product for initial access.

UPDATE: NCR has not responded to questions regarding potential information compromise or the payment of a ransom, but it did tell SecurityWeek the following:

“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.

While in-restaurant purchases and transactions continue to operate, affected customers have reduced capabilities on specific Aloha cloud-based and Counterpoint functionality that has impacted their ability to manage restaurant administrative functions. NCR is conducting concurrent efforts to establish alternative functionality for customers, fully restore impacted data and applications, and to enhance its cyber security protections.

Check Also

SIEM and SOAR

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain …

Leave a Reply

Your email address will not be published. Required fields are marked *