Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.
Vulnerabilities allow attackers to use an exploit known as the "forbidden attack," affecting dozens of Visa Inc.'s HTTPS-protected websites.
The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition.
Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.
A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.
The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.
An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.
Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.
Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.
The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.
Beware of fake mystery shopper scams, a new McAfee Labs consumer alert warned.
A variant of the POS malware family known as NewPosThings, called Multigrain, has introduced a twist into its repertoire—exfiltrating stolen payment card data from POS systems via the Domain Name System (DNS).
DōTERRA International notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or "Wellness Advocates," was breached.
The personal information of an undisclosed number of CVS customers in Calera, Ala., is at risk after a laptop was stolen from one of its vendors.
The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.
Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.
Nest will disable its smart home product Revolv on May 15th. Revolv founders Tim Enwall and Mike Soucie will re-focus on building Works with Nest.
Macy's is reportedly investigating a phishing scam that uses a fake Macy's delivery email notification for what is usually a non-existent order.
The six-month anniversary of chipped credit cards is coming up on April 1 and the general consensus in the industry on the rollout is "so far so good."
The Department of Homeland Security has declared itself officially ready to exchange cybersecurity intelligence with private industries and other organizations using an automated threat-sharing system, under the terms of the Cybersecurity Act of 2015.
The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).
Kaspersky noticed an increase in fake emails that claim to be from Amazon online stores offering free gifts.
A new survey of U.S. payment service providers revealed that approximately 37 percent of retailers were ready to process EMV payments by Feb. 1, 2016.
Organizations that haven't updated their Magento sites with the SUPEE-5344 security patch for the Shoplift Bug run the risk of having their sites compromised by wily hackers pitching a fake patch.
An Android malware is masquerading as a security feature for AliPay, a Chinese PayPal-like online payment app.
VTech representatives are struggling to defend new terms and conditions that the electronic toy manufacturer posted on its corporate website following a massive hack that exposed over 6.3 million accounts.
Wendy's found malware on the systems at some restaurants under investigation after unusual activity was reported on customers' payment card accounts.
A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.
Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.
Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.
Neiman Marcus Group (NMG) reported that someone gained unauthorized access to thousands of online customer accounts.
The rollout of EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks to, the cards have either been a boon or a bust.
Amazon Web Services said it would offer free certificates to help companies automate use of TLS/SSL cryptographic protocols.
Small businesses and retailers should expect cybercriminals to pay extra attention to them in the coming months with ransomware and point of sale attacks becoming even more common.
Security researcher Troy Hunt has come across a new type of spam - $0 invoices from PayPal accounts.
The restaurant and hospitality company Landry's is reporting that some of its customers have had unauthorized charges placed on their payment cards after they were used at a Landry's establishment.
Santa may know if you have been naughty or nice, but that's nothing compared to the amount of information Walgreens and Target collect from their shopping app users.
In an effort by global law enforcement, over 37,000 websites selling counterfeit goods have been shut down during the time leading up to the Black Friday/Cyber Monday weekend.
Some fans buying tickets for Adele's European tour were shocked to see the payment details and addresses from other people's shopping baskets, rather than their own, while attempting to check out.
Walmart partnered with Lockheed Martin and the FBI to monitor employee protests between 2012 and 2013.
With Black Friday here and shoppers using every online method available to find the best deals, Cisco Talos Security Intelligence and Research Group warned shoppers that cybercriminals will also be out in force this holiday season.
Security researchers at cyber threat intelligence company iSight Partners identified malware - called ModPOS - that targets retail point-of-sale systems.
Banks are warning Apple Pay users against storing other people's fingerprints on their iPhones, with a threat that would void terms & conditions agreements.
Yellowfront Grocery in Damariscotta, Maine, notified its customers via Facebook that it had experienced a POS breach.
The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the "Fin5" hacking group.
America's Thrift Stores reported a breach that compromised credit card information for an unknown number of its customers who shopped at the 18-store chain in September 2015.
Payment card breaches continue to plague retail and online operations here in the United States, while in Europe and many Asian countries the situation is less of a concern, owing primarily to the use there of chip cards rather than the magnetic stripe technology ingrained into U.S. operations.
In as little as three short months, the SHA-1 internet security standard, used for digital signatures and set to be phased out by January 2017, could be broken by motivated hackers, a team of international researchers found, prompting security specialists to call for a ramping up of the migration to SHA-2.
The Federal Bureau of Investigation (FBI) issued a warning yesterday to consumers stating that their newly issued EMV, or chip, credit card is still vulnerable.
Owing to a slew of lawsuits filed by banks and credit unions, the expected cost to Home Depot for a cyber intrusion may reach into the billions.
Chip, or EMV, credit card usage will become the retail standard as of today, but whether or not this high-tech payment method will improve security is still being debated between the retail and credit card industries.
Truckloads of HP servers were delivered to federal officials for a warrantless surveillance program codenamed "Stellar Wind."
Uber is attempting to squash the use of hacked customer accounts that have most likely been sold on the dark web and are currently being used in China.
Three flaws on Starbucks' website put customers' banking details at risk.
Schneider Electric released updated firmware to patch a remotely exploitable vulnerability for its StruxureWare Building Expert building automation system.
PNI Digital Media, CVS and Costco are warning their online photo customers that some personal information may have been compromised following a malware attack on the system in July.
Eleven law firms filed with a Minnesota court this past week to ask for class-action certification over Target's 2013 data breach.
The Securities and Exchange Commission will not penalize Target Corp. for a cyberattack two years ago in which credit card and other personal information of millions of customers was exposed.
Target will fork over as much as $67 million to banks issuing Visa cards and $10 million to customers who were affected in its 2013 breach.
As six major retailers spanning the U.S., Canada and the U.K. enter the second month of having their online photo print operations shuttered by hackers, industry analysts say the damage to consumers and the retailers could be significant in both data and dollars.
Geraldine "Gerri" Elliot was appointed by the cyber security solutions firm Impeva to the company's board of directors.
Square countered the claim of three Boston University graduates that its reader can be quickly and easily converted into a credit card skimmer.
Three top-selling smart home hubs on Amazon have zero-day vulnerabilities that could allow an outsider entry into the user's home, Tripwire reported.
Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.
Visa and FireEye formed a partnership aimed at helping merchants and card issuers access threat intelligence and combat cyber attacks.
The Wall Street Journal reports that some of MasterCard's biggest issuers refused to back the breach settlement.
Swapping out magnetic stripe payment cards for those equipped with computer chips is no small task, reports Karen Epper Hoffman.
There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine.
A federal judge recently denied banks' motion to block the settlement, but now the deal has been nixed for different reasons.
Starbucks customers say auto-reload feature is being used to steal from their linked credit cards and bank accounts.
Trustwave also found that the Punkey threat family and NewPosThings share the same code base.
Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.
Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.
A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.
The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.
A new study from Javelin Strategy & Research has found that both the fraud rate and the amount of money lost to fraud decreased this year.
Unnamed attackers attempted to gain access to some Toys"R"Us reward program profiles in January, prompting the company to send email notifications and request that users change their passwords.
Brian Krebs uncovered that a third parking service has been targeted by the same cybercriminals that hit Target and Home Depot.
A Georgia judge ordered Home Depot to respond to class-action lawsuit allegations surrounding the retailer's major data breach this past summer by July 2015.
As we all gear up for the holidays with plans to purchase any number of items online, cyberthieves too are gearing up with more and more creative ways to steal money, credentials and critical data from any number of organizations.
Phishing emails are made to look like order confirmations from major retailers, like Best Buy, Target and Walmart, security firm Malcovery warns.
The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.
The FBI and Homeland Security's US-CERT team have both warned that online scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.
Damballa observed the spike in infections, which followed a Backoff peak in Q3.
Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.
A new study found that consumers are becoming more aware of security procedures at retailers after breaches have dominated this year's news cycle.
Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.
Apple's iPhone 6 and iOS 8 offer encryption for mobile users, but a focus on consumers can create security conundrums, reports Lee Sustar.
The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.
We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.
A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.
Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.
A slide of a card at a POS system sure is convenient, but given last year's Target data theft and recent headlines about the Home Depot breach, some are questioning the safety of transactions.
Just recently we witnessed the U.S. House of Representatives pass two bills aimed at bolstering the security operations of the nation's critical infrastructure.
Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.
The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.
Home Depot confirmed that approximately 56 million payment cards may have been compromised as a result of a malware attack.
Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.
Nuix believes the malware found on Home Depot's systems belongs to a different threat family.
On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.