Retail News, Articles and Updates

Air India frequent flier miles hacked

Air India frequent flier miles hacked

By

Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.

Twitter, HealthCare.gov top annual list of most trustworthy websites

Twitter, HealthCare.gov top annual list of most trustworthy websites

By

At one time ridiculed over lax cybersecurity, the federal health insurance exchange site HealthCare.gov scored second-highest out of approximately 1,000 websites in the Online Trust Alliance's eighth annual Trust Audit and Honor Roll.

Wendy's POS breach 'considerably' bigger than first thought

Wendy's POS breach 'considerably' bigger than first thought

By

Even more fast-food patrons may have a beef with The Wendy's Company, after the restaurant chain announced yesterday that the number of restaurants affected by a POS data breach may be "considerably higher" than first thought.

Consumers taking their business elsewhere after a hack, Centrify survey

Consumers taking their business elsewhere after a hack, Centrify survey

By

A new study examines consumer attitudes toward corporate hacking and companies should take heed.

Finish Line leverages IT auditing service to secure increase in cyber budget

Finish Line leverages IT auditing service to secure increase in cyber budget

By

In the perennial corporate tug-of-war over budget, Finish Line's director of security and compliance Cory Deeter recently relied on an independent security assessment service to influence upper-level executives to increase funding for cybersecurity initiatives.

FastPOS malware instantly delivers stolen credit card data

FastPOS malware instantly delivers stolen credit card data

By

Cybercriminals must be feeling the need for speed by brewing up a new point-of-sale (POS) malware family called FastPOS that is much faster at snatching and disseminating stolen credit card information.

New Locky ransomware campaign sets sights on Amazon customers

New Locky ransomware campaign sets sights on Amazon customers

By

Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.

Flaws on Visa's HTTPS-protected sites allow hackers to insert JavaScript code

Flaws on Visa's HTTPS-protected sites allow hackers to insert JavaScript code

By

Vulnerabilities allow attackers to use an exploit known as the "forbidden attack," affecting dozens of Visa Inc.'s HTTPS-protected websites.

APWG report: Phishing surges by 250 percent in Q1 2016

APWG report: Phishing surges by 250 percent in Q1 2016

By

The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition.

Magento flaw allowed hackers to execute code using APIs

Magento flaw allowed hackers to execute code using APIs

By

Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.

NTIA study: Security threats deter online activities like making purchases and banking

NTIA study: Security threats deter online activities like making purchases and banking

By

A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

By

The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.

300 Wendy's restaurants affected by POS malware attack earlier this year

300 Wendy's restaurants affected by POS malware attack earlier this year

By

An investigation into a point-of-sale malware attack discovered earlier this year found 300 of the chain's 5,500 locations were impacted.

Kroger warns past, present employees of possible compromise after Equifax W-2Express breach

By

Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.

First Choice Credit Union files class-action suit against Wendy's over breach

First Choice Credit Union files class-action suit against Wendy's over breach

By

Claiming that Wendy's didn't properly protect data, First Choice Credit Union filed a class action lawsuit against the retailer over a breach experienced last year.

PCI DSS version 3.2 release extends multifactor authentication requirement

PCI DSS version 3.2 release extends multifactor authentication requirement

By

The PCI Data Security Standard version 3.2 released Thursday not only includes new requirements to safeguard payment data, including multifactor authentication.

Online scammers entice wannabe mystery shoppers to disclose personal data

Online scammers entice wannabe mystery shoppers to disclose personal data

By

Beware of fake mystery shopper scams, a new McAfee Labs consumer alert warned.

'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data

'Multigrain' variant of POS malware crops up; uses DNS tunneling to steal data

By

A variant of the POS malware family known as NewPosThings, called Multigrain, has introduced a twist into its repertoire—exfiltrating stolen payment card data from POS systems via the Domain Name System (DNS).

DōTERRA breach exposes customer info; including SS, DOB, and addresses

DōTERRA breach exposes customer info; including SS, DOB, and addresses

By

DōTERRA International notified the State of California's Attorney General's office that personal information of its customers and wholesale members, or "Wellness Advocates," was breached.

Stolen laptop puts data of CVS customers in Alabama at risk

Stolen laptop puts data of CVS customers in Alabama at risk

By

The personal information of an undisclosed number of CVS customers in Calera, Ala., is at risk after a laptop was stolen from one of its vendors.

Research: Over 6,000 data breaches in key industry sectors since 2005

Research: Over 6,000 data breaches in key industry sectors since 2005

By

The Identity Theft Resource Center (ITRC) and IDT911 said that to date, the financial services, business, education, government and healthcare industrial sectors have experienced over 6,000 data breaches since 2005.

Worldpay merchant portal allowed merchants to view customer card data

Worldpay merchant portal allowed merchants to view customer card data

Worldpay's electronic payment gateway setup pages offer poor security seals on credit card details, according to a security researcher.

UPDATE: Nest disables smart home device, triggers IoT security concerns

UPDATE: Nest disables smart home device, triggers IoT security concerns

By

Nest will disable its smart home product Revolv on May 15th. Revolv founders Tim Enwall and Mike Soucie will re-focus on building Works with Nest.

Scammers phishing using fake Macy's delivery emails

Scammers phishing using fake Macy's delivery emails

By

Macy's is reportedly investigating a phishing scam that uses a fake Macy's delivery email notification for what is usually a non-existent order.

Six months in, chipped credit cards gaining acceptance with consumers, retailers

Six months in, chipped credit cards gaining acceptance with consumers, retailers

By

The six-month anniversary of chipped credit cards is coming up on April 1 and the general consensus in the industry on the rollout is "so far so good."

DHS launches two-way threat sharing system for public-private collaboration

DHS launches two-way threat sharing system for public-private collaboration

By

The Department of Homeland Security has declared itself officially ready to exchange cybersecurity intelligence with private industries and other organizations using an automated threat-sharing system, under the terms of the Cybersecurity Act of 2015.

FTC orders nine companies to provide details on PCI DSS audit process

FTC orders nine companies to provide details on PCI DSS audit process

By

The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).

Kaspersky sees uptick in spam from fake 'Amazon stores'

Kaspersky sees uptick in spam from fake 'Amazon stores'

By

Kaspersky noticed an increase in fake emails that claim to be from Amazon online stores offering free gifts.

Retailers falling short of earlier predictions on EMV readiness

Retailers falling short of earlier predictions on EMV readiness

By

A new survey of U.S. payment service providers revealed that approximately 37 percent of retailers were ready to process EMV payments by Feb. 1, 2016.

Fake patch for Magento Shoplift bug steals payment info

Fake patch for Magento Shoplift bug steals payment info

By

Organizations that haven't updated their Magento sites with the SUPEE-5344 security patch for the Shoplift Bug run the risk of having their sites compromised by wily hackers pitching a fake patch.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US