Retail News, Articles and Updates

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Bank websites struggle, consumer services sites shine in online trust assessment

An annual audit of more than 1,000 top websites found that 52 percent have highly trustworthy cybersecurity and privacy practices, yet 46 percent failed the assessment altogether, with bank sites surprisingly faring worst of all.

Jaff ransomware server also hosting Dark Web PII fencing operation

WannaCry ransomware stole most of the headlines in May, but researchers have noted that Jaff ransomware, which was wreaking havoc at the same time, is being operated from the same server as a large Dark Web department store.

Data breach rattles Sabre: Intrusion into hotel reservations system revealed

Sabre Corporation, a $3.37 billion company that provides technology solutions to airline and hotel companies, has disclosed a breach of its Hospitality Solutions SynXis Central Reservations system, which may have exposed consumers' payment card data and personally identifiable information.

Hacker served Shoney's POS malware for three months

Best American Hospitality Corp. reported that 37 Shoney's restaurants it manages and operates were hit with point-of-sale (POS) malware starting in late December and lasting through early March.

GameStop investigating point of sale data breach

GameStop is investigating a possible payment card breach on the retailer's GameStop.com online store, according to published reports.

Hacker compromises nearly 100k McDonald's Canada job applications

The McDonald's Canada career website has suffered a data breach that compromised about 95,000 restaurant job applications, the fast-food giant acknowledged on Friday in a company statement.

Insurer sues Rosen Hotels over data breach payments

St. Paul Fire & Marine Insurance has filed a lawsuit asking a Florida judge to formally state that the insurance company is not responsible for paying any costs related to a data breach that took place at Rosen Hotels & Resorts.

Food court: Arby's reportedly faces 8 lawsuits resulting from breach

Fast-food chain Arby's is now facing a total of eight lawsuits stemming from a data breach that was discovered in February and affected around 1,000 locations, the AP has reported.

Saks Fifth Avenue leaves customer data exposed

Saks Fifth Avenue reportedly exposed the personal information of tens of thousands of customers in plain text on publicly accessible pages.

Verifone calls security breach 'limited,' after quick response

The company said attackers didn't target merchants and the security and integrity of its networks remained intact.

Cylance says RawPOS is back with a fresh new signature, not much else

The California-based security company has published an analysis which claims not much effort has been put into the new variant, and as a result it was a doddle to catch.

The retail industry steps up the fight against cyber-threats

The British Retail Consortium releases practical guidance for British retail businesses to ensure they have the appropriate preventative and response measures in place to reduce their vulnerabilities and to protect both themselves and their customers.

Arby's hit with POS breach, 1,100 stores possibly affected

The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations.

Bed-lam: 1,100 furniture company employees' W-2 info exposed in spoofing scam

Furniture manufacturer and retailer Mitchell Gold + Bob Williams mistakenly furnished a cybercriminal operation with its employees' W-2 information after falling for a phishing scam that used a spoofed email address.

15 million affected by ID fraud, report

The number of people hit with identity fraud and the total monetary loss due to this crime increased dramatically in 2016 with more than 15 million people losing a combined $16 billion.

Unhappy meal: McDonald's website doesn't securely protect passwords, researcher finds

Registered users of McDonald's website are susceptible to credential theft due to the combination of a cross-site scripting (XSS) vulnerability and a cryptographic storage vulnerability, a researcher has found.

Amazon customers targeted in phishing scam

Sophos researchers pulled the covers off a phishing scam hitting Amazon customers who are looking for deals on electronics that are too good to be true.

FTC issues fake app alert, but perhaps too late

Apparently, it's always better late than never, but one wonders how much damage was already done.

Shoppers willing to punish hacked retailers, survey

Retailer hacks like Target and Home Depot could prove disastrous for stores as a recent consumer survey found that many holiday shoppers would stop shopping at any retailer that suffered a similar attack.

Breach risk assessment reveals attackers' favorite techniques

A network breach risk assessment of over 20 organizations found that 100 percent showed signs of traffic tunneling, DNS-related exfiltration and malformed protocols in outbound traffic - all indicators of attackers using evasion and exfiltration techniques.

Researchers find OpenCart backdoor technique that approves false log-in credentials

Hackers who break into the servers of websites that use OpenCart software can ensure future access to these sites' back-end systems by secretly modifying a particular file so that the log-in authentication process accepts any random credentials, Sucuri has reported.

400% increase in POS malware variants across US Thanksgiving weekend

Proofpoint researchers have written a blog post detailing a 400 percent increase in Point-of-Sale malware variants across Thanksgiving weekend in the US.

Mastercard and Visa push EMV liability deadline to 2020 for automated fuel pumps

Citing technological and regulatory challenges, Mastercard and Visa have postponed their liability deadlines for merchants to employ EMV chip card technology at automated fuel pumps, from October 2017 to October 2020.

NetWire RAT acts as keylogger, steals payment card data

Criminals used a remote access trojan with keylogging capabilities rather than traditional point-of-sale malware.

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organization's five major venues during the last year.

McDonald's adding biometrics-based access management to its menu?

McDonald's has been tinkering with the idea of using biometrics to manage employee access to corporate systems inside its retail locations, said a McDonald's corporate manager at SC Congress Chicago on Thursday.