Dridex on the loose again, this time in Switzerland

The meteoric rise of Locky ransomware has not completely supplanted the distribution of the notorious Dridex malware.

After the breach: Settlement expected for 50M Home Depot customers

A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

In the latest data breach impacting the hospitality industry, cybercriminals installed malware in the point-of-sale systems of HEI Hotels & Resorts and checked out with customer data that likely includes payment card information.

Research firm finds MICROS hackers infected more POS vendors

Fresh off the discovery that hackers compromised the customer support portal for Oracle's MICROS point-of-sale systems, a new shocking report surfaced, revealing that at least five more POS vendors were similarly breached.

Kimpton Hotel chain investigating possible breach

Kimpton Hotels and Restaurants advised guests of a possible breach.

Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections

After physically demonstrating how to hijack retail point-of-sale transactions - including those using EMV-standard chip cards - two security experts from NCR Corporation offered attendees at Black Hat critical tips on preventing such incidents in real life.

1.5M downloaded fake app Prisma from Google Play

A number of phony apps, masquerading as the popular photo-editing app Prisma, have been removed from the Google Play Store, but not before 1.5 million users downloaded the Android version.

POS-terminals become target of cyber-attacks in Russia this year

POS-terminals have increasingly become a target for cyber-attackers in Russia, posing a threat to ordinary buyers and shoppers, according to analysts of FinCERT.

Russian web hub Deer.io offering stolen goods and exploit services, report

A robust underground marketplace for the sale of stolen products from compromised accounts as well as shady online services has been detected in Russia.

Cicis Pizza delivers the bad news, confirms breach at 138 locations

Cicis Pizza has officially acknowledged a payment card data breach in 138 of its restaurant locations, after reports of a point-of-sale malware attack first came to light last month.

Hackers compromising checkout process on retail sites, redirecting shoppers to phishing page

Researchers at Sucuri have uncovered a sampling of novel e-commerce attacks that combine the classic duplicity of phishing schemes with the insidiousness of malicious webpage redirects.

Malware on Omni Hotel POS systems scarfed payment card info

Omni Hotels & Resorts said guests had to physically present payment cards at one of its affected POS systems to be affected by malware stealing payment card information during a six-month period.

Wendy's revises data breach figures; over 1K locations compromised by POS malware

Wendy's yesterday identified over 1,000 U.S. franchised locations that were affected by two variants of point-of-sale malware discovered earlier this year.

Spike in cyberattacks expected to exploit upcoming Olympics, report

An Israel-based security firm has issued a warning to fans of the upcoming Olympics to be wary of phony offers.

Clinton pledges tech evolution

Democratic presidential hopeful Hillary Clinton called for administrative reform to help bring the U.S. copyright system into the digital age.

Air India frequent flier miles hacked

Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.

Twitter, HealthCare.gov top annual list of most trustworthy websites

At one time ridiculed over lax cybersecurity, the federal health insurance exchange site HealthCare.gov scored second-highest out of approximately 1,000 websites in the Online Trust Alliance's eighth annual Trust Audit and Honor Roll.

Wendy's POS breach 'considerably' bigger than first thought

Even more fast-food patrons may have a beef with The Wendy's Company, after the restaurant chain announced yesterday that the number of restaurants affected by a POS data breach may be "considerably higher" than first thought.

Consumers taking their business elsewhere after a hack, Centrify survey

A new study examines consumer attitudes toward corporate hacking and companies should take heed.

Finish Line leverages IT auditing service to secure increase in cyber budget

In the perennial corporate tug-of-war over budget, Finish Line's director of security and compliance Cory Deeter recently relied on an independent security assessment service to influence upper-level executives to increase funding for cybersecurity initiatives.

FastPOS malware instantly delivers stolen credit card data

Cybercriminals must be feeling the need for speed by brewing up a new point-of-sale (POS) malware family called FastPOS that is much faster at snatching and disseminating stolen credit card information.

New Locky ransomware campaign sets sights on Amazon customers

Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.

Flaws on Visa's HTTPS-protected sites allow hackers to insert JavaScript code

Vulnerabilities allow attackers to use an exploit known as the "forbidden attack," affecting dozens of Visa Inc.'s HTTPS-protected websites.

APWG report: Phishing surges by 250 percent in Q1 2016

The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition.

Magento flaw allowed hackers to execute code using APIs

Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.

NTIA study: Security threats deter online activities like making purchases and banking

A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.

300 Wendy's restaurants affected by POS malware attack earlier this year

An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.

Kroger warns past, present employees of possible compromise after Equifax W-2Express breach

Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.

First Choice Credit Union files class-action suit against Wendy's over breach

Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.

PCI DSS version 3.2 release extends multifactor authentication requirement

The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.

Online scammers entice wannabe mystery shoppers to disclose personal data

Beware of fake mystery shopper scams, a new McAfee Labs consumer alert warned.

'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data

A variant of the POS malware family known as NewPosThings, called Multigrain, has introduced a twist into its repertoire—exfiltrating stolen payment card data from POS systems via the Domain Name System (DNS).

DōTERRA breach exposes customer info; including SS, DOB, and addresses

DōTERRA International notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or "Wellness Advocates," was breached.

Stolen laptop puts data of CVS customers in Alabama at risk

The personal information of an undisclosed number of CVS customers in Calera, Ala., is at risk after a laptop was stolen from one of its vendors.

Research: Over 6,000 data breaches in key industry sectors since 2005

The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.

Worldpay merchant portal allowed merchants to view customer card data

Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.

UPDATE: Nest disables smart home device, triggers IoT security concerns

Nest will disable its smart home product Revolv on May 15th. Revolv founders Tim Enwall and Mike Soucie will re-focus on building Works with Nest.

Scammers phishing using fake Macy's delivery emails

Macy's is reportedly investigating a phishing scam that uses a fake Macy's delivery email notification for what is usually a non-existent order.

Six months in, chipped credit cards gaining acceptance with consumers, retailers

The six-month anniversary of chipped credit cards is coming up on April 1 and the general consensus in the industry on the rollout is "so far so good."

DHS launches two-way threat sharing system for public-private collaboration

The Department of Homeland Security has declared itself officially ready to exchange cybersecurity intelligence with private industries and other organizations using an automated threat-sharing system, under the terms of the Cybersecurity Act of 2015.

FTC orders nine companies to provide details on PCI DSS audit process

The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).

Kaspersky sees uptick in spam from fake 'Amazon stores'

Kaspersky noticed an increase in fake emails that claim to be from Amazon online stores offering free gifts.

Retailers falling short of earlier predictions on EMV readiness

A new survey of U.S. payment service providers revealed that approximately 37 percent of retailers were ready to process EMV payments by Feb. 1, 2016.

Fake patch for Magento Shoplift bug steals payment info

Organizations that haven't updated their Magento sites with the SUPEE-5344 security patch for the Shoplift Bug run the risk of having their sites compromised by wily hackers pitching a fake patch.

Android malware masquerades as AliPay app

An Android malware is masquerading as a security feature for AliPay, a Chinese PayPal-like online payment app.

VTech: You acknowledge that PII "may not be secure"

VTech representatives are struggling to defend new terms and conditions that the electronic toy manufacturer company posted on its corporate website following a massive hack that exposed over 6.3 million accounts.

Wendy's finds malware at some locations

Wendy's found malware on the systems at some restaurants under investigation after unusual activity was reported on customers' payment card accounts.

Hackers attack 20M accounts of Alibaba e-commerce unit

A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Landry's concludes breach probe, lists affected locations and attack timeframes

Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.

Unauthorized access leads to Neiman Marcus Group breach, 5,200 affected

Neiman Marcus Group (NMG) reported that someone gained unauthorized access to thousands of online customer accounts.

Data Privacy Day: Chip card adoption growing, but problems linger

The rollout of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks to, the cards have either been a boon or a bust.

Industry pros concerned with AWS free cert offering

Amazon Web Services said it would offer free certificates to help companies automate use of TLS/SSL cryptographic protocols.

Ransomware and POS attackers to zero in on small businesses, retailers

Small businesses and retailers should expect cybercriminals to pay extra attention to them in the coming months with ransomware and point of sale attacks becoming even more common.

New type of PayPal spam discovered

Security researcher Troy Hunt has come across a new type of spam - $0 invoices from PayPal accounts.

Landry's investigates a potential POS attack

The restaurant and hospitality company Landry's is reporting that some of its customers have had unauthorized charges placed on their payment cards after they were used at a Landry's establishment.

Walgreens, Target shopping apps can expose customer data

Santa may know if you have been naughty or nice, but that's nothing compared to the amount of information Walgreens and Target collect from their shopping app users.

Global efforts take down 37,000 websites selling counterfeit goods

In an effort by global law enforcement, over 37,000 websites selling counterfeit goods have been shut down during the time leading up to the Black Friday/Cyber Monday weekend.

It isn't over .... Adele fans' security breached

Some fans buying tickets for Adele's European tour were shocked to see the payment details and addresses from other people's shopping baskets other than their own while attempting to check out.

Walmart partnered with Lockheed Martin, FBI for employee surveillance

Walmart partnered with Lockheed Martin and the FBI to monitor employee protests between 2012 and 2013.

'Tis the season for holiday shopping scams

With Black Friday here and shoppers using every online method available to find the best deals, Cisco Talos Security Intelligence and Research Group warned shoppers that cybercriminals will also be out in force this holiday season.

Researchers identify stealth malware targeting POS systems since at least 2013

Security researchers at cyber threat intelligence company iSight Partners identified malware - called ModPOS - that targets retail point-of-sale systems.

Banks warn Apple Pay users against storing family members' fingerprints on iPhones

Banks are warning Apple Pay users against storing other people's fingerprints on their iPhones, with a threat that would void terms & conditions agreements.

Maine's Yellowfront Grocery hit by breach, other stores may be affected

Yellowfront Grocery in Damariscotta, Maine, notified its customers via Facebook that it had experienced a POS breach.

Hacking group stole credit card data of 150K casino customers

The personal information of 150,000 customers of an as-yet-unnamed casino was compromised following an incursion by the "Fin5" hacking group.

Credit card numbers compromised in America's Thrift Store data breach

America's Thrift Stores reported a breach that compromised credit card information for an unknown number of its customers who shopped at the 18-store chain in September 2015.

Devaluing data: Payment card data

Payment card breaches continue to plague retail and online operations here in the United States, while in Europe and many Asian countries the situation is less a concern owing primarily to the use there of chip cards rather than the magnetic stripe technology ingrained into U.S. operations.

Researchers say SHA-1 will soon be broken, urge migration to SHA-2

In as little as three short months, the SHA-1 internet security standard used for digital signatures and set to be phased out by January 2017, could be broken by motivated hackers, a team of international researchers found, prompting security specialists to call for a ramping up of the migration to SHA-2.

FBI: chip cards not 100% invulnerable to hackers

The Federal Bureau of Investigation (FBI) issued a warning yesterday to consumers stating that their newly-issued EMV, or chip, credit card is still vulnerable.

Home Depot breach costs expected to reach billions

Owing to a slew of lawsuits filed by banks and credit unions, the expected cost to Home Depot for a cyber intrusion may reach into the billions.

Credit card security takes a step forward today with EMV cards

Chip, or EMV, credit card usage will become the retail standard as of today, but whether or not this high-tech payment method will improve security is still being debated between the retail and credit card industries.

At HP, Fiorina supplied NSA with surveillance material

Truckloads of HP servers were delivered to federal officials for a warrantless surveillance program codenamed "Stellar Wind."

Uber attempting to reset stolen customer passwords

Uber is attempting to squash the use of hacked customer accounts that have most likely been sold on the dark web and are currently being used in China.

Flaws fixed on Starbucks site that put accounts at risk

Three flaws on Starbucks' website put customers' banking details at risk.

Mitigation available for flaw in building automation system

Schneider Electric released updated firmware to patch a remotely exploitable vulnerability for its StruxureWare Building Expert building automation system.

Customer data possibly compromised in online photo store malware attack

PNI Digital Media, CVS and Costco are warning their online photo customers that some personal information may have been compromised following a malware attack on the system in July.

Law firms file for class-action status in Target suit

Eleven law firms filed with a Minnesota court this past week to ask for class-action certification over Target's 2013 data breach.

SEC will not fine Target in aftermath of 2013 breach

The Securities and Exchange Commission will not penalize Target Corp. for a cyberattack two years ago in which credit card and other personal information of millions of customers was exposed.

Target settles with Visa following 2013 breach

Target will fork over as much as $67 million to banks issuing Visa cards and $10 million to customers who were affected in its 2013 breach.

Hacked, shuttered online photo print centers could prove costly to consumers, retailers

As six major retailers spanning the U.S., Canada and the U.K. enter the second month of having their online photo print operations shuttered by hackers, industry analysts say the damage to consumers and the retailers could be significant in both data and dollars.

Imperva appoints Geraldine Elliot to board of directors

Geraldine "Gerri" Elliot was appointed by the cyber security solutions firm Imperva to the company's board of directors.

Square: Our card reader security software prevents hacks

Square countered the claim of three Boston University graduates that its reader can be quickly and easily converted into a credit card skimmer.

Tripwire uncovers smart home hub zero-day vulnerabilities

Three top-selling smart home hubs on Amazon have zero-day vulnerabilities that could allow an outsider entry into the user's home, Tripwire reported.

Federal Reserve's Powell concerned about security of chip and signature

Speaking at a Federal Reserve Bank of Kansas City conference, Jerome Powell called EMV card deployment a step forward but questioned the security of cards that use signatures, not PINs, for authentication.

Visa, FireEye team to help retailers, issuers fight cyber attacks

Visa and FireEye formed a partnership aimed at helping merchants and card issuers access threat intelligence and combat cyber attacks.

Report: MasterCard's biggest card issuers rebuffed Target breach deal

The Wall Street Journal reports that some of MasterCard's biggest issuers refused to back the breach settlement.

The long and winding road: EMV adoption

Swapping out magnetic stripe payment cards for those equipped with computer chips is no small task, reports Karen Epper Hoffman.

Information sharing at work

There's been quite a bit of lip service paid to the ages-old concept of information sharing, says Illena Armstrong, VP, editorial, SC Magazine.

Report: $19M breach settlement between MasterCard, Target terminated

A federal judge recently denied banks' motion to block the settlement, but now the deal has been nixed for different reasons.

Hackers exploit Starbucks auto-reload feature to steal from customers

Starbucks customers say auto-reload feature is being used to steal from their linked credit cards and bank accounts.

POS threat 'Punkey' allows additional malware download for greater access

Trustwave also found that the Punkey threat family and NewPosThings share the same code base.

FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards

Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.

'NewPosThings' malware evolves, malicious traffic traced to airports

Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.

PCI Council updates penetration testing guidance for merchants

A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.

Verizon: PCI requirement to test security systems a compliance weak point for orgs

The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.

Study: Fraud losses drop by $2 billion in 2014

A new study from Javelin Strategy & Research has found that both the fraud rate and the amount of money lost to fraud decreased this year.

Attempts made to access Toys"R"Us reward program profiles

Unnamed attackers attempted to gain access to some Toys"R"Us reward program profiles in January, prompting the company to send email notifications and request users change their passwords.

Report: Target hackers steal card data from another parking company

Brian Krebs uncovered that a third parking service has been targeted by the same cybercriminals that hit Target and Home Depot.

Judge gives Home Depot till July to respond to class-action lawsuit allegations

A Georgia judge ordered Home Depot to respond to class-action lawsuit allegations surrounding the retailer's major data breach this past summer by July 2015.
