Trustwave also found that the Punkey threat family and NewPosThings share the same code base.
Trend Micro warns that the threat could spread, as the sole perpetrator of the attacks is selling the malware.
Trend Micro believes that point-of-sale malware attackers will increasingly target travelers.
A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.
The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.
A new study from Javelin Strategy & Research has found that both the fraud rate and the amount of money lost to fraud decreased this year.
Unnamed attackers attempted to gain access to some Toys"R"Us reward program profile in January, prompting the company to send email notifications and request users change their passwords.
Brian Krebs uncovered that a third parking service has been targeted by the same cybercriminals that hit Target and Home Depot.
A Georgia judge ordered Home Depot respond to class-action lawsuit allegations surrounding the retailer's major data breach this past summer by July 2015.
As we all gear up for the holidays with plans to purchase any number of items online, cyberthieves too are gearing up with more and more creative ways to steal money, credentials and critical data from any number of organizations.
Phishing emails are made to look like order confirmations from major retailers, like Best Buy, Target and Walmart, security firm Malcovery warns.
The National Association of Federal Credit Unions is asking Congress to establish national data breach and notification standards for retailers.
The FBI and Homeland Security's US-CERT team have both warned that online scams, taking advantage of the holiday shopping frenzy, will be plentiful this season.
Damballa observed the spike in infections, which followed a Backoff peak in Q3.
Vladimir Drinkman, who was charged for his involvement in the Heartland breach, is currently in the Netherlands.
A new study found that consumers are becoming more aware of security procedures at retailers after breaches have dominated this year's news cycle.
Researchers at Fortinet detailed the new variant on Monday, and urged businesses to keep their AV up to date.
Apple's iPhone 6 and iOS 8 offer encryption for mobile users, but a focus on consumers can create security conundrums, reports Lee Sustar.
The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.
We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.
A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.
Roman Seleznev is now charged in a 40-count indictment brought by a federal grand jury in Seattle.
A slide of a card at a POS system sure is convenient, but given last year's Target data theft and recent headlines about the Home Depot breach, some are questioning the safety of transactions.
Just recently we witnessed the U.S. House of Representative pass two bills aimed at bolstering the security operations of the nation's critical infrastructure.
Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.
The PCI Security Standards Council's new general manager Stephen Orfei spoke at the Florida community meeting.
Home Depot confirmed that approximately 56 million payment cards may have been compromised as result of a malware attack.
Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.
Nuix believes the malware found on Home Depot's systems belongs to a different threat family.
On Wednesday, PCI SSC updated its card skimming prevention guidance for the first time in five years.
The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.
The warning comes soon after the Secret Service and DHS issues a warning on the threat.
Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.
The Secret Service said that over 1,000 U.S. businesses have been infected with the malware.
The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.
The PCI Security Standards Council General Manager Bob Russo will retire at year's end; Stephen W. Orfei will take the helm in September.
While P.F. Chang's investigates a breach, it has shifted to manual payment card imprinting, suggesting that point-of-sale devices may have been compromised.
A former Home Depot employee was fired and is being prosecuted for accessing customer account information and distributing card data.
It is still unclear whether the lawsuits will gain class-action status, putting potential claimants in the millions.
On Monday, Target CEO and Chairman Gregg Steinhafel announced that he was stepping down from his position.
A new study weighs the collateral damage from data breaches hitting businesses.
The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.
An investigation dating back to January has finally confirmed that malware on point-of-sale systems may have compromised payment card data for millions of Michaels Stores and Aaron Brothers customers.
The group being implicated has stolen over 160 million card numbers over the years by hacking organizations, including Heartland Payment Systems, Visa and 7-Eleven.
Banks impacted by the Target data breach have banded together to file a class-action against the retail giant, as well as against security firm Trustwave.
After claiming it saw no evidence that payment card data was taken in a breach, the chain now says fewer than 25,000 records were "illegally accessed."
Prior to its massive breach, Target seems not to have responded to multiple alerts from security company FireEye involving suspicious activity on the retailer's network.
An attempted intrusion is still being investigated, but Texas-based Sally Beauty has no evidence to suggest that 282,000 payment cards found in an online underground crime market were pilfered from the worldwide retailer.
In the aftermath of the Target breach, there is a huge need for all the people who are engaging with technology to understand more about cyber threats and ways they can account for these before and after something goes down.
The malware is based on the leaked code of Zeus and RAM-scraping malware.
The associations will explore options for improved information sharing and implementation of card security technology.
Target announced last week that hackers compromised its systems using credentials stolen from a third party vendor and, on Thursday, Fazio Mechanical confirmed that it was the victim of an attack.
Executives with Target and Neiman Marcus were among the individuals who testified before the Senate Judiciary Committee on Tuesday.
White Lodging Services Corporation is investigating a suspected breach of its point-of-sale systems, the Indiana-based hotel management company announced on Monday.
A worldwide point-of-sale malware operation involving a relatively new trojan - called ChewBacca - has impacted dozens of retailers in the U.S., according to RSA researchers.
Stolen vendor credentials is what led to a massive malware attack on Target's point-of-sale machines, ultimately resulting in the theft of 40 million payment cards, among other information.
After Target and Neiman Marcus, Michaels Stores is the next in a line of U.S. retailers to reveal that it is investigating a possible security breach that may have resulted in the compromise of customer payment cards.
Researchers at Barracuda Labs discovered that the toy and game website was infected.
On Wednesday, the retailer's CEO Karen Katz announced that malware on its payment systems may have impacted more than one million cards.
IntelCrawler concluded on Sunday that 23-year-old Rinat Shibaev - not 17-year-old Sergey Taraspov, as the company previously reported - is the writer of the malware that infected Target's point-of-sale systems.
At the border of U.S. and Mexico, two individuals were arrested in connection with the late-2013 Target breach.
The attack on Neiman Marcus point-of-sale systems dates back to July 2013 and the threat was not completely mitigated until Sunday, unnamed people briefed on the retailer's investigation told the New York Times.
The operation that likely led to the infection of Target's point-of-sale systems is known as KAPTOXA, according to a release by iSIGHT Partners.
Researchers with cyber intelligence company IntelCrawler have identified a new point-of-sale (POS) malware, known as 'Decebal,' available for purchase on underground forums.
The refund was agreed upon under a Federal Trade Commission (FTC) settlement.
Malware found on the payment systems of Neiman Marcus led to the compromise of card data for an undisclosed number of shoppers, but PIN data is not at risk because the retailer does not use PIN pads in its stores.
A class-action complaint was filed against Neiman Marcus in the Eastern District of New York on Monday, just days after the major retailer announced that an undisclosed number of payment cards may have been stolen in a breach.
High-end retailer Neiman Marcus is now added to the list of major retailers confirming credit card breaches.
Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that malware introduced on point-of-sale devices is what enabled thieves to steal 40 million cards and other personal information.
On Thursday, the online retailer began accepting the popular digital currency.
In addition to an earlier revelation that 40M cards were pilfered, the PII of up to 70 million individuals was also stolen, according to a Friday statement by Target.
A group of individuals communicating in underground forums are attempting to decrypt a 50GB dump of Triple DES encrypted PIN numbers believed to have been acquired in the massive 2013 attack on retail giant Target.
Due to the glitch, some travelers were able to purchase $400 flights for $48 or less.
Three senators have asked that a congressional hearing on consumer data security be held as soon as possible.
The Briar Group confirmed that its systems were breached between October and November.
A payment processor that handles transactions for Target denied being impacted in an attack on the retail giant's point-of-sale devices.
According to a UK researcher, eBay's site has remained vulnerable to cross-site request forgery (CSRF) attacks for several months.
Credit and debit cards and CVV codes stolen by hackers in the holiday Target breach have begun showing up in underground marketplaces.
Retail giant Target has yet to announce exactly how attackers compromised its point-of-sale devices, but researchers and security experts have already begun weighing in on the implications of such a colossal breach.
The retailer announced that it had become the target of a more than two-week-long attack that may have compromised 40 million credit and debit cards.
The malware, dubbed "ISN," is masked as a module for Microsoft Internet Information Services (IIS) web-hosting software, Trustwave found.
The botnet is reportedly behind the compromise of more than 20,000 payment cards in recent months.
The system crash reportedly kept bank customers from withdrawing money from ATMs and from carrying out mobile and online transactions.
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
On Wednesday morning, the website showcased items, normally priced for hundreds of dollars, at around $10 to $20.
So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.
"The 2013 eCommerce Cyber Crime Report" weighed the business loss incurred by holiday cyber attacks.
Fraudsters boldly entered the store to plant skimming devices.
According to a federal judge in Illinois, the plaintiffs failed to demonstrate loss or injury as a result of increased risk of identity theft, invasion of privacy and other claims.
The case hinges on a 2012 breach where the live video feeds of nearly 700 web-connected cameras were made available online.
Liberty Mutual, the insurer for St. Louis-based Schnucks, said the supermarket chain's general liability policy wasn't designed to absorb costs associated with data breach lawsuits and related claims.
The council released a highlight of potential new requirements and guidance to the PCI Data Security Standard and Payment Application Data Security Standard, both due out in November.
US Airways reported Aug. 2 that an unauthorized user gained access to a small number of Dividend Miles accounts. It was the second reported breach in under a month for the airline.
A programming error experienced by the payroll vendor for US Airways may have allowed employees to see wage information belonging to their colleagues.
Mapco Express suffered a credit card breach in March and April after hackers infected its systems with malware.
Customers that used their credit and debit cards during the month of February may have had their data exposed.
More than half of C-level executives surveyed in large Canadian companies do not educate employees about data security, storage and destruction.
Between June and July, the U.S. Food and Drug Administration shut down 1,677 pharmacies it says were operating illegally.
Technological vulnerability and valuable data make retailers the latest target for malware attacks, says Jenny Craig CIO Abe Lietz. Karen Epper Hoffman investigates.
The supermarket chain, which has more than 120 stores, primarily in California, was targeted by online intruders.
Sign up to our newsletters
SC Magazine Articles
- APT group detects threat monitoring and backs away in documented first
- Cyber attacks to rise, but competent security talent scarce, study says
- Researchers identify attack technique, all Windows versions at risk
- FighterPOS malware strikes over 100 terminals in Brazil, captures info for 22K cards
- Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday
- Human error cited as leading contributor to breaches, study shows
- Data possibly exposed for more than 364K Auburn University students
- IBM will invest $3 billion in new IoT unit
- Banking industry security protocol falters in third-party vendor contracts
- Cyber attacks to rise, but competent security talent scarce, study says
- Cybersecurity bills move forward on Capitol Hill
- Flash EK leveraged in potentially widespread malvertising attack
- Study: Average organization has 4,000 instances of exposed credentials stored in the cloud
- Member of group that hacked Farmers Insurance, DirecTV, sentenced to 3 years
- HSBC mortgage customer info was publicly accessible on the internet