Retail News, Articles and Updates
The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition.
Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.
A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.
The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.
An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.
Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.
Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.
The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.
Beware of fake mystery shopper scams, a new McAfee Labs consumer alert warned.
A variant of the POS malware family known as NewPosThings, called Multigrain, has introduced a twist into its repertoire—exfiltrating stolen payment card data from POS systems via the Domain Name System (DNS).
DōTERRA International notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or "Wellness Advocates," was breached.
The personal information of an undisclosed number of CVS customers in Calera, Ala., is at risk after a laptop was stolen from one of its vendors.
The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.
Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.
Nest will disable its smart home product Revolv on May 15th. Revolv founders Tim Enwall and Mike Soucie will re-focus on building Works with Nest.
Macy's is reportedly investigating a phishing scam that uses a fake Macy's delivery email notification for what is usually a non-existent order.
The six-month anniversary of chipped credit cards is coming up on April 1 and the general consensus in the industry on the rollout is "so far so good."
The Department of Homeland Security has declared itself officially ready to exchange cybersecurity intelligence with private industries and other organizations using an automated threat-sharing system, under the terms of the Cybersecurity Act of 2015.
The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).
Kaspersky noticed an increase in fake emails that claim to be from Amazon online stores offering free gifts.
A new survey of U.S. payment service providers revealed that approximately 37 percent of retailers were ready to process EMV payments by Feb. 1, 2016.
Organizations that haven't updated their Magento sites with the SUPEE-5344 security patch for the Shoplift Bug run the risk of having their sites compromised by wily hackers pitching a fake patch.
An Android malware is masquerading as a security feature for AliPay, a Chinese PayPal-like online payment app.
VTech representatives are struggling to defend new terms and conditions that the electronic toy manufacturer company posted on its corporate website following a massive hack that exposed over 6.3 million accounts.
Wendy's found malware on the systems at some restaurants under investigation after unusual activity was reported on customers' payment card accounts.
A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.
Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.
Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.
Neiman Marcus Group (NMG) reported that someone gained unauthorized access to thousands of online customer accounts.
The roll out of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks the cards have either been a boon or a bust.
SC Magazine Articles
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study
- State Dept. criticized for poor records management, Clinton broke rules, IG report says
- APWG report: Phishing surges by 250 percent in Q1 2016
- Apple rehires crypto legend Jon Callas
- China's quantum communications satellite to improve data security, thwart hackers
- 34% of Brits willing to sacrifice their online safety for weight loss