Contending with online thieves and fraudsters

As we all gear up for the holidays with plans to purchase any number of items online, cyberthieves too are gearing up with more and more creative ways to steal money, credentials and critical data from any number of organizations.

Asprox spammers use timely, but malicious, emails to trick holiday shoppers

Phishing emails are made to look like order confirmations from major retailers, like Best Buy, Target and Walmart, security firm Malcovery warns.

Credit unions urge Congress to enforce security standards for retailers

The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.

DHS, FBI sound alert on holiday cyber scams

The FBI and Homeland Security's US-CERT team have both warned that online scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.

Backoff infections spike 33 percent at Q4 start, more variants surface

Damballa observed the spike in infections, which followed a Backoff peak in Q3.

Report: Dutch gov't OKs Drinkman extradition to U.S.

Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.

Affected by breaches, consumers ready for more intensive security measures

A new study found that consumers are becoming more aware of security procedures at retailers after breaches have dominated this year's news cycle.

New version of Backoff detected, malware variant dubbed 'ROM'

Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.

A balancing act: Apple technology

Apple's iPhone 6 and iOS 8 offer encryption for mobile users, but a focus on consumers can create security conundrums, reports Lee Sustar.

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.

ADDING RELATIONSHIP MANAGEMENT TO IDENTITY: A must for Customer-Centric companies

We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.

Canadian launches $500m class action against Home Depot

A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.

Suspected POS hacker Seleznev faces slew of new charges

Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.

Cash is king...for now

A slide of a card at a POS system sure is convenient, but given last year's Target data theft and recent headlines about the Home Depot breach, some are questioning the safety of transactions.

Addressing attacks on critical infrastructure

Just recently we witnessed the U.S. House of Representatives pass two bills aimed at bolstering the security operations of the nation's critical infrastructure.

Cyber thieves are ready for the holiday shopping season: are you?

Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.

PCI Council holds North America community meeting, new GM Orfei speaks

The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as a result of a malware attack.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

PCI Council updates skimming prevention guidance

On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.

BlackPOS malware that struck Target also linked to Home Depot breach, report says

The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.

PCI Council urges retailers to defend against Backoff POS attacks

The warning comes soon after the Secret Service and DHS issued a warning on the threat.

Calif. passes law requiring smartphone kill switch technology

Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.

New variants of POS malware 'Backoff' found as infections expand

The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

PCI council's Bob Russo to retire, new general manager named

The PCI Security Standards Council General Manager Bob Russo will retire at year's end; Stephen W. Orfei will take the helm in September.

P.F. Chang's investigates breach, shifts to manual payment card imprinting

While P.F. Chang's investigates a breach, it has shifted to manual payment card imprinting, suggesting that point-of-sale devices may have been compromised.

Home Depot staffer fired, tapped 30,000 accounts, shared card data

A former Home Depot employee was fired and is being prosecuted for accessing customer account information and distributing card data.

Over 140 Target breach lawsuits consolidated in Minn.

It is still unclear whether the lawsuits will gain class-action status, putting potential claimants in the millions.

Target leadership changes continue with resignation of CEO

On Monday, Target CEO and Chairman Gregg Steinhafel announced that he was stepping down from his position.

Study: Post-breach, 30 percent of consumers would take business elsewhere

A new study weighs the collateral damage from data breaches hitting businesses.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data for any longer than required, even if it is encrypted.

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Report: Neiman Marcus breach work of Russian hackers who targeted Heartland

The group being implicated has stolen over 160 million card numbers over the years by hacking organizations, including Heartland Payment Systems, Visa and 7-Eleven.

Banks file class-action against Target and Trustwave over massive breach

Banks impacted by the Target data breach have banded together to file a class-action against the retail giant, as well as against security firm Trustwave.

Sally Beauty changes tune, says customer data was accessed in breach

After claiming it saw no evidence that payment card data was taken in a breach, the chain now says fewer than 25,000 records were "illegally accessed."

Target did not respond to FireEye security alerts prior to breach, according to report

Prior to its massive breach, Target seems not to have responded to multiple alerts from security company FireEye involving suspicious activity on the retailer's network.

Sally Beauty investigates breach, no evidence of stolen payment cards

An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.

Online safety for kids of all ages

In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.

Firm detects Zeus variant targeting POS terminals

The malware is based on the leaked code of Zeus and RAM-scraping malware.

Trade groups from finance, retail sectors team for security initiative

The associations will explore options for improved information sharing and implementation of card security technology.

Target vendor, Fazio Mechanical, confirms being victim of attack

Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.

Retailers testify before Senate Judiciary Committee, push chip cards

Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.

White Lodging investigates suspected nine-month-long POS attack

White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.

Dozens of U.S. retailers impacted in global POS malware campaign

A worldwide point-of-sale malware operation involving a relatively new trojan - called ChewBacca - has impacted dozens of retailers in the U.S., according to RSA researchers.

Hackers accessed Target systems using stolen vendor credentials

Stolen vendor credentials are what led to a massive malware attack on Target's point-of-sale machines, ultimately resulting in the theft of 40 million payment cards, among other information.

Michaels Stores investigates possible payment card breach

After Target and Neiman Marcus, Michaels Stores is the next in a line of U.S. retailers to reveal that it is investigating a possible security breach that may have resulted in the compromise of customer payment cards.

Hasbro website served malware to visitors

Researchers at Barracuda Labs discovered that the toy and game website was infected.

Neiman Marcus: 1.1 million cards potentially compromised during breach

On Wednesday, the retailer's CEO Karen Katz announced that malware on its payment systems may have impacted more than one million cards.

Russian man claims he wrote Target POS malware as a security program

IntelCrawler concluded on Sunday that 23-year-old Rinat Shibaev - not 17-year-old Sergey Taraspov, as the company previously reported - is the writer of the malware that infected Target's point-of-sale systems.

Texas police arrest two in connection with Target breach

At the border of U.S. and Mexico, two individuals were arrested in connection with the late-2013 Target breach.

Neiman Marcus breach dates back to July 2013, according to report

The attack on Neiman Marcus point-of-sale systems dates back to July 2013 and the threat was not completely mitigated until Sunday, unnamed people briefed on the retailer's investigation told the New York Times.

Report indicates KAPTOXA operation led to massive retailer breaches

The operation that likely led to the infection of Target's point-of-sale systems is known as KAPTOXA, according to a release by iSIGHT Partners.

Researchers discover a point-of-sale malware written in VBScript

Researchers with cyber intelligence company IntelCrawler have identified a new point-of-sale (POS) malware, known as 'Decebal,' available for purchase on underground forums.

Apple to refund $32.5 million after kids rack up app charges without adult consent

The refund was agreed upon under a Federal Trade Commission (FTC) settlement.

Neiman Marcus CEO says PIN data not accessed in card breach

Malware found on the payment systems of Neiman Marcus led to the compromise of card data for an undisclosed number of shoppers, but PIN data is not at risk because the retailer does not use PIN pads in its stores.

Complaint filed against Neiman Marcus, slams breach response

A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.

After Neiman Marcus, Target breaches, experts speak to bull's-eye on retailers' backs

High-end retailer Neiman Marcus is now added to the list of major retailers confirming credit card breaches.

Target CEO confirms malware on POS machines, talks chip cards

Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that malware introduced on point-of-sale devices is what enabled thieves to steal 40 million cards and other personal information.

Overstock.com begins accepting Bitcoin as payment

On Thursday, the online retailer began accepting the popular digital currency.

Separate info on 70M stolen in Target breach

In addition to an earlier revelation that 40M cards were pilfered, the PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.

Hackers seek to decrypt PIN codes likely stolen in Target breach

A group of individuals communicating in underground forums are attempting to decrypt a 50GB dump of Triple DES encrypted PIN numbers believed to have been acquired in the massive 2013 attack on retail giant Target.

Delta Air Lines website glitch lets flyers nab extra low fares

Due to the glitch, some travelers were able to purchase $400 flights for $48 or less.

In light of Target breach, senators push for hearing on consumer data security

Three senators have asked that a congressional hearing on consumer data security be held as soon as possible.

Card fraud hitting Boston convention groups linked to restaurant chain breach

The Briar Group confirmed that its systems were breached between October and November.

A Target payment processor denies being impacted in 40M card breach

A payment processor that handles transactions for Target denied being impacted in an attack on the retail giant's point-of-sale devices.

Exploit of eBay site flaw could allow account takeover

According to a UK researcher, eBay's site has remained vulnerable to cross-site request forgery (CSRF) attacks for several months.

Cards pilfered in Target breach for sale in underground markets

Credit and debit cards and CVV codes stolen by hackers in the holiday Target breach have begun showing up in underground marketplaces.

Experts discuss implications of massive Target breach

Retail giant Target has yet to announce exactly how attackers compromised its point-of-sale devices, but researchers and security experts have already begun weighing in on the implications of such a colossal breach.

POS attack enabled hackers to steal 40M card numbers from Target, researchers say

The retailer announced that it had become the target of a more than two-week-long attack that may have compromised 40 million credit and debit cards.

Malicious DLL targets e-commerce sites for customer credit card data

The malware, dubbed "ISN," is masked as a module for Microsoft Internet Information Services (IIS) web-hosting software, Trustwave found.

POS botnet discovered using Dexter variant

The botnet is reportedly behind the compromise of more than 20,000 payment cards in recent months.

Funds of RBS customers unavailable during Cyber Monday glitch

The system crash reportedly kept bank customers from withdrawing money from ATMs and from carrying out mobile and online transactions.

PCI council publishes updated payment security standards

Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.

Glitch caused Walmart website to display jaw dropping deals

On Wednesday morning, the website showcased items, normally priced for hundreds of dollars, at around $10 to $20.

First P2P encryption solution gets PCI council seal of approval

So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.

On Cyber Monday, downed sites cost merchants $500K per hour, study finds

"The 2013 eCommerce Cyber Crime Report" weighed the business loss incurred by holiday cyber attacks.

Scammers bug Nordstrom registers with $40 devices to skim card data

Fraudsters boldly entered the store to plant skimming devices.

In Barnes & Noble skimming case, federal judge dismisses plaintiffs' class-action suit

According to a federal judge in Illinois, the plaintiffs failed to demonstrate loss or injury as a result of increased risk of identity theft, invasion of privacy and other claims.

FTC cracks down on seller that left in-home security cameras exposed to hack

The case hinges on a 2012 breach where the live video feeds of nearly 700 web-connected cameras were made available online.

Insurer to Schnucks: We won't pay for lawsuits related to your breach

Liberty Mutual, the insurer for St. Louis-based Schnucks, said the supermarket chain's general liability policy wasn't designed to absorb costs associated with data breach lawsuits and related claims.

PCI Council previews changes to data security standards

The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.

Hackers breach US Airways to steal frequent flyer miles

US Airways reported Aug. 2 that an unauthorized user gained access to a small number of Dividend Miles accounts. It was the second reported breach in under a month for the airline.

US Airways employees notified of potential data compromise

A programming error experienced by the payroll vendor for US Airways may have allowed employees to see wage information belonging to their colleagues.

Class-action filed against convenience store over breach

Mapco Express suffered a credit card breach in March and April after hackers infected its systems with malware.

Credit card breach strikes Roy's Restaurants in Hawaii

Customers that used their credit and debit cards during the month of February may have had their data exposed.

Not enough data education within Canadian corporations

More than half of C-level executives surveyed in large Canadian companies do not educate employees about data security, storage and destruction.

FDA seizes $41M in drugs after shuttering pharmacy spam sites

Between June and July, the U.S. Food and Drug Administration shut down 1,677 pharmacies it says were operating illegally.

Store opening: Retail malware

Technological vulnerability and valuable data make retailers the latest target for malware attacks, says Jenny Craig CIO Abe Lietz. Karen Epper Hoffman investigates.

Hackers invade Raley's grocery chain

The supermarket chain, which has more than 120 stores, primarily in California, was targeted by online intruders.

Another Subway hacker pleads guilty

Adrian-Tiberiu Oprea, a Romanian man, admitted that he helped steal payment card data from hundreds of U.S.-based point-of-sale (POS) systems at the sandwich chain.

Convenience store operator discloses payment card breach

Mapco disclosed this week that hackers compromised its payment card processing systems to steal credit and debit card information belonging to an unknown number of customers.

Schnucks supermarket chain discloses breach that stole 2.4 million credit card numbers

The numbers corresponded to cards used by shoppers at 79 of 100 Schnucks Markets locations in the Midwest. The attacks may have persisted as long as four months, from last December through March 29.

VSkimmer trojan steals card data on point-of-sale systems

The trojan was recently a topic of discussion on an underground Russian forum, researchers found.

PCI council clarifies merchant's cloud security obligations

The Payment Card Industry Security Standards Council (PCI SSC) released recommendations for card data security and compliance in cloud environments.

Customer service in a network security world

How can we provide the customers with outstanding customer support to complement our products?

Hackers raid systems at 100 fast-food restaurants

Zaxby's, a Georgia-based restaurant chain, said the credit and debit card information of customers at locations in 10 states may have been accessed by fraudsters.

Subway restaurant hacker sentenced to 21 months

Cezar Butu received the penalty after admitting that he helped infiltrate the credit card processing systems of more than 150 Subway restaurants in 2011.

PCI council issues guidance to help meet risk assessment piece

The PCI Security Standards Council, the body that manages payment security industry guidelines, on Friday released a methodology for meeting a risk management requirement included in the standard.
