Retail News, Articles and Updates

APWG report: Phishing surges by 250 percent in Q1 2016

APWG report: Phishing surges by 250 percent in Q1 2016

By

The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition.

Magento flaw allowed hackers to execute code using APIs

Magento flaw allowed hackers to execute code using APIs

By

Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.

NTIA study: Security threats deter online activities like making purchases and banking

NTIA study: Security threats deter online activities like making purchases and banking

By

A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

By

The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.

300 Wendy's restaurants affected by POS malware attack earlier this year

300 Wendy's restaurants affected by POS malware attack earlier this year

By

An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.

Kroger warns past, present employees of possible compromise after Equifax W-2Express breach

By

Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.

First Choice Credit Union files class-action suit against Wendy's over breach

First Choice Credit Union files class-action suit against Wendy's over breach

By

Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.

PCI DSS version 3.2 release extends multifactor authentication requirement

PCI DSS version 3.2 release extends multifactor authentication requirement

By

The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.

Online scammers entice wannabe mystery shoppers to disclose personal data

Online scammers entice wannabe mystery shoppers to disclose personal data

By

Beware of fake mystery shopper scams, a new McAfee Labs consumer alert warned.

'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data

'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data

By

A variant of the POS malware family known as NewPosThings, called Multigrain, has introduced a twist into its repertoire—exfiltrating stolen payment card data from POS systems via the Domain Name System (DNS).

DōTERRA breach exposes customer info; including SS, DOB, and addresses

DōTERRA breach exposes customer info; including SS, DOB, and addresses

By

DōTERRA International notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or "Wellness Advocates," was breached.

Stolen laptop puts data of CVS customers in Alabama at risk

Stolen laptop puts data of CVS customers in Alabama at risk

By

The personal information of an undisclosed number of CVS customers in Calera, Ala., is at risk after a laptop was stolen from one of its vendors.

Research: Over 6,000 data breaches in key industry sectors since 2005

Research: Over 6,000 data breaches in key industry sectors since 2005

By

The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.

Worldpay merchant portal allowed merchants to view customer card data

Worldpay merchant portal allowed merchants to view customer card data

Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.

UPDATE: Nest disables smart home device, triggers IoT security concerns

UPDATE: Nest disables smart home device, triggers IoT security concerns

By

Nest will disable its smart home product Revolv on May 15th. Revolv founders Tim Enwall and Mike Soucie will re-focus on building Works with Nest.

Scammers phishing using fake Macy's delivery emails

Scammers phishing using fake Macy's delivery emails

By

Macy's is reportedly investigating a phishing scam that uses a fake Macy's delivery email notification for what is usually a non-existent order.

Six months in, chipped credit cards gaining acceptance with consumers, retailers

Six months in, chipped credit cards gaining acceptance with consumers, retailers

By

The six-month anniversary of chipped credit cards is coming up on April 1 and the general consensus in the industry on the rollout is "so far so good."

DHS launches two-way threat sharing system for public-private collaboration

DHS launches two-way threat sharing system for public-private collaboration

By

The Department of Homeland Security has declared itself officially ready to exchange cybersecurity intelligence with private industries and other organizations using an automated threat-sharing system, under the terms of the Cybersecurity Act of 2015.

FTC orders nine companies to provide details on PCI DSS audit process

FTC orders nine companies to provide details on PCI DSS audit process

By

The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).

Kaspersky sees uptick in spam from fake 'Amazon stores'

Kaspersky sees uptick in spam from fake 'Amazon stores'

By

Kaspersky noticed an increase in fake emails that claim to be from Amazon online stores offering free gifts.

Retailers falling short of earlier predictions on EMV readiness

Retailers falling short of earlier predictions on EMV readiness

By

A new survey of U.S. payment service providers revealed that approximately 37 percent of retailers were ready to process EMV payments by Feb. 1, 2016.

Fake patch for Magento Shoplift bug steals payment info

Fake patch for Magento Shoplift bug steals payment info

By

Organizations that haven't updated their Magento sites with the SUPEE-5344 security patch for the Shoplift Bug run the risk of having their sites compromised by wily hackers pitching a fake patch.

Android malware masquerades as AliPay app

Android malware masquerades as AliPay app

By

An Android malware is masquerading as a security feature for AliPay, a Chinese PayPal-like online payment app.

VTech: You acknowledge that PII "may not be secure"

VTech: You acknowledge that PII "may not be secure"

By

VTech representatives are struggling to defend new terms and conditions that the electronic toy manufacturer company posted on its corporate website following a massive hack that exposed over 6.3 million accounts.

Wendy's finds malware at some locations

Wendy's finds malware at some locations

By

Wendy's found malware on the systems at some restaurants under investigation after unusual activity was reported on customers' payment card accounts.

Hackers attack 20M accounts of Alibaba e-commerce unit

Hackers attack 20M accounts of Alibaba e-commerce unit

By

A group of hackers tried to access active accounts belonging to more than 20 million users of Taobao, Alibaba Group Holding Ltd.'s e-commerce unit.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Landry's concludes breach probe, lists affected locations and attack timeframes

Landry's concludes breach probe, lists affected locations and attack timeframes

By

Landry's Inc., the dining and hospitality chain operator that discovered a long-running data breach in December, said it has completed its internal investigation into the incident, and has fortified its point-of-sale operations with encryption technology to prevent future cyberattacks.

Unauthorized access leads to Neiman Marcus Group breach, 5,200 affected

By

Neiman Marcus Group (NMG) reported that someone gained unauthorized access to thousands of online customer accounts.

Data Privacy Day: Chip card adoption growing, but problems linger

Data Privacy Day: Chip card adoption growing, but problems linger

By

The roll out of the EMV cards last fall was expected to bring a new level of data security to American consumers and retailers, but depending upon whom one speaks the cards have either been a boon or a bust.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US