Wendy's finds malware at some locations

Wendy's finds malware at some locations

Wendy's found malware on the systems at some restaurants under investigation after unusual activity was reported on customers' payment card accounts.

Hackers attack 20M accounts of Alibaba e-commerce unit

Hackers attack 20M accounts of Alibaba e-commerce unit

A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Landry's concludes breach probe, lists affected locations and attack timeframes

Landry's concludes breach probe, lists affected locations and attack timeframes

Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.

Unauthorized access leads to Neiman Marcus Group breach, 5,200 affected

Neiman Marcus Group (NMG) reported that someone gained unauthorized access to thousands of online customer accounts.

Data Privacy Day: Chip card adoption growing, but problems linger

Data Privacy Day: Chip card adoption growing, but problems linger

The roll out of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks the cards have either been a boon or a bust.

Industry pros concerned with AWS free cert offering

Industry pros concerned with AWS free cert offering

Amazon Web Services said it would offer free certificates to help companies automate use of TLS/SSL cryptographic protocols.

Ransomware and POS attackers to zero in on small businesses, retailers

Ransomware and POS attackers to zero in on small businesses, retailers

Small businesses and retailers should expect cybercriminals to pay extra attention to them in the coming months with ransomware and point of sale attacks becoming even more common.

New type of PayPal spam discovered

New type of PayPal spam discovered

Security researcher Troy Hunt has come across a new type of spam - $0 invoices from PayPal accounts.

Landry's investigates a potential POS attack

Landry's investigates a potential POS attack

The restaurant and hospitality company Landry's is reporting that some of its customers have had unauthorized charges placed on their payment cards after they were used at a Landry's establishment.

Walgreens, Target shopping apps can expose customer data

Walgreens, Target shopping apps can expose customer data

Santa may know if you have been naught or nice, but that's nothing compared to the amount of information Walgreens and Target collects from its shopping app users.

Global efforts take down 37,000 websites selling counterfeit goods

Global efforts take down 37,000 websites selling counterfeit goods

In an effort by global law enforcement, over 37,000 websites selling counterfeit goods have been shut down during the time leading up to the Black Friday/Cyber Monday weekend.

It isn't over .... Adele fans' security breached

It isn't over .... Adele fans' security breached

Some fans buying tickets for Adele's European tour were shocked to see the payment details and addresses from other people's shopping baskets other than their own while attempting to check out.

Walmart partnered with Lockheed Martin, FBI for employee surveillance

Walmart partnered with Lockheed Martin, FBI for employee surveillance

Walmart partnered with Lockheed Martin and FBI to monitor employee protests between 2012 and 2013

'Tis the season for holiday shopping scams

'Tis the season for holiday shopping scams

With Black Friday here and shoppers using every online method available to find the best deals, Cisco Talos Security Intelligence and Research Group warned shoppers that cybercriminals will also be out in force this holiday season.

Researchers identify stealth malware targeting POS systems since at least 2013

Researchers identify stealth malware targeting POS systems since at least 2013

Security researchers at cyber threat intelligence company iSight Partners identified malware - called ModPOS - that targets retail point-of-sale systems.

Banks warn Apple Pay users against storing family members' fingerprints on iPhones

Banks warn Apple Pay users against storing family members' fingerprints on iPhones

Banks are warning Apple Pay users against storing other people's fingerprints on their iPhones, with a threat that would void terms & conditions agreements.

Maine's Yellowfront Grocery hit by breach, other stores may be affected

Yellowfront Grocery in Damariscotta, Maine, notified its customers via Facebook that it had experienced a POS breach.

Hacking group stole credit card data of 150K casino customers

Hacking group stole credit card data of 150K casino customers

The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the "Fin5" hacking group.

Credit card numbers compromised in America's Thrift Store data breach

Credit card numbers compromised in America's Thrift Store data breach

America's Thrift Stores reported a breach that compromised credit card information for an unknown number of its customers who shopped at the 18-store chain in September 2015.

Devaluing data: Payment card data

Devaluing data: Payment card data

Payment card breaches continue to plague retail and online operations here in the United States, while in Europe and many Asian countries the situation is less a concern owing primarily to the use there of chip cards rather than the magnetic stripe technology ingrained into U.S. operations.

Researchers say SHA-1 will soon be broken, urge migration to SHA-2

Researchers say SHA-1 will soon be broken, urge migration to SHA-2

In as little as three short months, the SHA-1 internet security standard used for digital signatures and set to be phased out by January 2017, could be broken by motivated hackers, a team of international researchers found, prompting security specialists to call for a ramping up of the migration to SHA-2.

FBI: chip cards not 100% invulnerable to hackers

FBI: chip cards not 100% invulnerable to hackers

The Federal Bureau of Investigation, (FBI) issued a warning yesterday to consumers stating that their newly-issued EMV, or chip, credit card is still vulnerable.

Home Depot breach costs expected to reach billions

Home Depot breach costs expected to reach billions

Owing to a slew of lawsuits filed by banks and credit unions, the expected cost to Home Depot for a cyber intrusion may reach into the billions.

Credit card security takes a step forward today with EMV cards

Credit card security takes a step forward today with EMV cards

Chip, or EMV, credit cards usage will become the retail standard as of today, but whether or not this high-tech payment method will improve security is still being debated between the retail and credit card industries.

At HP, Fiorina supplied NSA with surveillance material

At HP, Fiorina supplied NSA with surveillance material

Truckloads of HP servers were delivered to federal officials for a warrantless surveillance program codenamed "Stellar Wind."

Uber attempting to reset stolen customer passwords

Uber attempting to reset stolen customer passwords

Uber is attempting to squash the use of hacked customer accounts that have most likely been sold on the dark web and are currently being used in China.

Flaws fixed on Starbucks site that put accounts at risk

Flaws fixed on Starbucks site that put accounts at risk

Three flaws on Starbucks' website put customers' banking details at risk.

Mitigation available for flaw in building automation system

Mitigation available for flaw in building automation system

Schneider Electric released updated firmware to patch a remotely exploitable vulnerability for its StruxureWare Building Expert building automation system.

Customer data possibly compromised in online photo store malware attack

Customer data possibly compromised in online photo store malware attack

PNI Digital Media, CVS and Costco are warning their online photo customers that some personal information may have been compromised following a malware attack on the system in July.

Law firms file for class-action status in Target suit

Law firms file for class-action status in Target suit

Eleven law firms filed with a Minnesota court this past week to ask for class-action certification over Target's 2013 data breach.

SEC will not fine Target in aftermath of 2013 breach

SEC will not fine Target in aftermath of 2013 breach

The Securities and Exchange Commission will not penalize Target Corp. for a cyberattack two years ago in which credit card and other personal information of millions of customers was exposed.

Target settles with Visa following 2013 breach

Target will fork over as much as $67 million to banks issuing Visa cards and $10 million to customers who were affected in its 2013 breach.

Hacked, shuttered online photo print centers could prove costly to consumers, retailers

Hacked, shuttered online photo print centers could prove costly to consumers, retailers

As six major retailers spanning the U.S., Canada and the U.K. enter the second month of having their online photo print operations shuttered by hackers, industry analysts say the damage to consumers and the retailers could be significant in both data and dollars.

Imperva appoints Geraldine Elliot to board of directors

Imperva appoints Geraldine Elliot to board of directors

Geraldine "Gerri" Elliot was appointed by the cyber security solutions firm Impeva to the company's board of directors.

Square: Our card reader security software prevents hacks

Square: Our card reader security software prevents hacks

Square countered the claim of three Boston University graduates that its reader can be quickly and easily converted into a credit card skimmer.

Tripwire uncovers smart home hub zero-day vulnerabilities

Three top-selling smart home hubs on Amazon have zero-day vulnerabilities that could allow an outsider entry into the user's home, Tripwire reported.

Federal Reserve's Powell concerned about security of chip and signature

Federal Reserve's Powell concerned about security of chip and signature

Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.

Visa, FireEye team to help retailers, issuers fight cyber attacks

Visa and FireEye formed a partnership aimed at helping merchants and card issuers access threat intelligence and combat cyber attacks.

Report: MasterCard's biggest card issuers rebuffed Target breach deal

The Wall Street Journal reports that some of MasterCard's biggest issuers refused to back the breach settlement.

The long and winding road: EMV adoption

The long and winding road: EMV adoption

Swapping out magnetic stripe payment cards for those equipped with computer chips is no small task, reports Karen Epper Hoffman.

Information sharing at work

Information sharing at work

There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine..

Report: $19M breach settlement between MasterCard, Target terminated

Report: $19M breach settlement between MasterCard, Target terminated

A federal judge recently denied banks' motion to block the settlement, but now the deal has been nixed for different reasons.

Hackers exploit Starbucks auto-reload feature to steal from customers

Hackers exploit Starbucks auto-reload feature to steal from customers

Starbucks customers say auto-reload feature is being used to steal from their linked credit cards and bank accounts.

POS threat 'Punkey' allows additional malware download for greater access

POS threat 'Punkey' allows additional malware download for greater access

Trustwave also found that the Punkey threat family and NewPosThings share the same code base.

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.

'NewPosThings' malware evolves, malicious traffic traced to airports

'NewPosThings' malware evolves, malicious traffic traced to airports

Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.

PCI Council updates penetration testing guidance for merchants

A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.

Verizon: PCI requirement to test security systems a compliance weak point for orgs

Verizon: PCI requirement to test security systems a compliance weak point for orgs

The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.

Study: Fraud losses drop by $2 billion in 2014

Study: Fraud losses drop by $2 billion in 2014

A new study from Javelin Strategy & Research has found that both the fraud rate and the amount of money lost to fraud decreased this year.

Attempts made to access Toys"R"Us reward program profiles

Unnamed attackers attempted to gain access to some Toys"R"Us reward program profile in January, prompting the company to send email notifications and request users change their passwords.

Report: Target hackers steal card data from another parking company

Brian Krebs uncovered that a third parking service has been targeted by the same cybercriminals that hit Target and Home Depot.

Judge gives Home Depot till July to respond to class-action lawsuit allegations

A Georgia judge ordered Home Depot respond to class-action lawsuit allegations surrounding the retailer's major data breach this past summer by July 2015.

Contending with online thieves and fraudsters

As we all gear up for the holidays with plans to purchase any number of items online, cyberthieves too are gearing up with more and more creative ways to steal money, credentials and critical data from any number of organizations.

Asprox spammers use timely, but malicious, emails to trick holiday shoppers

Phishing emails are made to look like order confirmations from major retailers, like Best Buy, Target and Walmart, security firm Malcovery warns.

Credit unions urge Congress to enforce security standards for retailers

The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.

DHS, FBI sound alert on holiday cyber scams

The FBI and Homeland Security's US-CERT team have both warned that online scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.

Backoff infections spike 33 percent at Q4 start, more variants surface

Damballa observed the spike in infections, which followed a Backoff peak in Q3.

Report: Dutch gov't OKs Drinkman extradition to U.S.

Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.

Affected by breaches, consumers ready for more intensive security measures

Affected by breaches, consumers ready for more intensive security measures

A new study found that consumers are becoming more aware of security procedures at retailers after breaches have dominated this year's news cycle.

New version of Backoff detected, malware variant dubbed 'ROM'

New version of Backoff detected, malware variant dubbed 'ROM'

Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.

A balancing act: Apple technology

A balancing act: Apple technology

Apple's iPhone 6 and iOS 8 offer encryption for mobile users, but a focus on consumers can create security conundrums, reports Lee Sustar.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.

ADDING RELATIONSHIP MANAGEMENT TO IDENTITY: A must for Customer-Centric companies

We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.

Canadian launches $500m class action against Home Depot

A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.

Suspected POS hacker Seleznev faces slew of new charges

Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.

Cash is king...for now

Cash is king...for now

A slide of a card at a POS system sure is convenient, but given last year's Target data theft and recent headlines about the Home Depot breach, some are questioning the safety of transactions.

Addressing attacks on critical infrastructure

Just recently we witnessed the U.S. House of Representative pass two bills aimed at bolstering the security operations of the nation's critical infrastructure.

Cyber thieves are ready for the holiday shopping season: are you?

Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.

PCI Council holds North America community meeting, new GM Orfei speaks

PCI Council holds North America community meeting, new GM Orfei speaks

The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.

Researcher challenges reports that BlackPOS variant struck Home Depot

Nuix believes the malware found on Home Depot's systems belongs to a different threat family.

PCI Council updates skimming prevention guidance

PCI Council updates skimming prevention guidance

On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.

BlackPOS malware that struck Target also linked to Home Depot breach, report says

BlackPOS malware that struck Target also linked to Home Depot breach, report says

The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.

PCI Council urges retailers to defend against Backoff POS attacks

The warning comes soon after the Secret Service and DHS issues a warning on the threat.

Calif. passes law requiring smartphone kill switch technology

Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.

New variants of POS malware 'Backoff' found as infections expand

New variants of POS malware 'Backoff' found as infections expand

The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.

PCI council releases third-party security assurance guidance

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

PCI council's Bob Russo to retire, new general manager named

The PCI Security Standards Council General Manager Bob Russo will retire at year's end; Stephen W. Orfei will take the helm in September.

P.F. Chang's investigates breach, shifts to manual payment card imprinting

P.F. Chang's investigates breach, shifts to manual payment card imprinting

While P.F. Chang's investigates a breach, it has shifted to manual payment card imprinting, suggesting that point-of-sale devices may have been compromised.

Home Depot staffer fired, tapped 30,000 accounts, shared card data

A former Home Depot employee was fired and is being prosecuted for accessing customer account information and distributing card data.

Over 140 Target breach lawsuits consolidated in Minn.

It is still unclear whether the lawsuits will gain class-action status, putting potential claimants in the millions.

Target leadership changes continue with resignation of CEO

Target leadership changes continue with resignation of CEO

On Monday, Target CEO and Chairman Gregg Steinhafel announced that he was stepping down from his position.

Study: Post-breach, 30 percent of consumers would take business elsewhere

Study: Post-breach, 30 percent of consumers would take business elsewhere

A new study weighs the collateral damage from data breaches hitting businesses.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.

Report: Neiman Marcus breach work of Russian hackers who targeted Heartland

Report: Neiman Marcus breach work of Russian hackers who targeted Heartland

The group being implicated has stolen over 160 million card numbers over the years by hacking organizations, including Heartland Payment Systems, Visa and 7-Eleven.

Banks file class-action against Target and Trustwave over massive breach

Banks file class-action against Target and Trustwave over massive breach

Banks impacted by the Target data breach have banded together to file a class-action against the retail giant, as well as against security firm Trustwave.

Sally Beauty changes tune, says customer data was accessed in breach

Sally Beauty changes tune, says customer data was accessed in breach

After claiming it saw no evidence that payment card data was taken in a breach, the chain now says fewer than 25,000 records were "illegally accessed."

Target did not respond to FireEye security alerts prior to breach, according to report

Target did not respond to FireEye security alerts prior to breach, according to report

Prior to its massive breach, Target seems not to have responded to multiple alerts from security company FireEye involving suspicious activity on the retailer's network.

Sally Beauty investigates breach, no evidence of stolen payment cards

An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.

Online safety for kids of all ages

Online safety for kids of all ages

In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.

Firm detects Zeus variant targeting POS terminals

Firm detects Zeus variant targeting POS terminals

The malware is based on the leaked code of Zeus and RAM-scraping malware.

Trade groups from finance, retail sectors team for security initiative

The associations will explore options for improved information sharing and implementation of card security technology.

Target vendor, Fazio Mechanical, confirms being victim of attack

Target vendor, Fazio Mechanical, confirms being victim of attack

Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.

Retailers testify before Senate Judiciary Committee, push chip cards

Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.

White Lodging investigates suspected nine-month-long POS attack

White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.

Dozens of U.S. retailers impacted in global POS malware campaign

A worldwide point-of-sale malware operation involving a relatively new trojan - called ChewBacca - has impacted dozens of retailers in the U.S., according to RSA researchers.

Hackers accessed Target systems using stolen vendor credentials

Stolen vendor credentials is what led to a massive malware attack on Target's point-of-sale machines, ultimately resulting in the theft of 40 million payment cards, among other information.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US