Retail News, Articles and Updates

Arby's hit with POS breach, 1,100 stores possibly affected

The fast food restaurant chain Arby's has suffered a breach involving the payment card systems in up to 1,100 of its locations.

Bed-lam: 1,100 furniture company employees' W-2 info exposed in spoofing scam

Furniture manufacturer and retailer Mitchell Gold + Bob Williams mistakenly furnished a cybercriminal operation with its employees' W-2 information after falling for a phishing scam that used a spoofed email address.

15 million affected by ID fraud, report

The number of people hit with identity fraud and the total monetary loss due to this crime increased dramatically in 2016 with more than 15 million people losing a combined $16 billion.

Unhappy meal: McDonald's website doesn't securely protect passwords, researcher finds

Registered users of McDonald's website are susceptible to credential theft due to the combination of a cross-site scripting (XSS) vulnerability and a cryptographic storage vulnerability, a researcher has found.

Amazon customers targeted in phishing scam

Sophos researchers pulled the covers off a phishing scam hitting Amazon customers who are looking for deals on electronics that are too good to be true.

FTC issues fake app alert, but perhaps too late

Apparently, it's always better late than never, but one wonders how much damage was already done.

Shoppers willing to punish hacked retailers, survey

Retailer hacks like Target and Home Depot could prove disastrous for stores as a recent consumer survey found that many holiday shoppers would stop shopping at any retailer that suffered a similar attack.

Breach risk assessment reveals attackers' favorite techniques

A network breach risk assessment of over 20 organizations found that 100 percent showed signs of traffic tunneling, DNS-related exfiltration and malformed protocols in outbound traffic - all indicators of attackers using evasion and exfiltration techniques.

Researchers find OpenCart backdoor technique that approves false log-in credentials

Hackers who break into the servers of websites that use OpenCart software can ensure future access to these sites' back-end systems by secretly modifying a particular file so that the log-in authentication process accepts any random credentials, Sucuri has reported.

400% increase in POS malware variants across US Thanksgiving weekend

Proofpoint researchers have written a blog post detailing a 400 percent increase in Point-of-Sale malware variants across Thanksgiving weekend in the US.

Mastercard and Visa push EMV liability deadline to 2020 for automated fuel pumps

Citing technological and regulatory challenges, Mastercard and Visa have postponed their liability deadlines for merchants to employ EMV chip card technology at automated fuel pumps, from October 2017 to October 2020.

NetWire RAT acts as keylogger, steals payment card data

Criminals used a remote access trojan with keylogging capabilities rather than traditional point-of-sale malware.

Data breach hits MSG: Rangers, Knicks, Rockettes fans hacked

Madison Square Garden Company (MSG) reported payment card information was stolen from potentially hundreds of thousands of customers who attended shows or sporting events at the organization's five major venues during the last year.

McDonald's adding biometrics-based access management to its menu?

McDonald's has been tinkering with the idea of using biometrics to manage employee access to corporate systems inside its retail locations, said a McDonald's corporate manager at SC Congress Chicago on Thursday.

Nearly 6K e-commerce sites hacked, including GOP group

Hackers exploited security vulnerabilities and weak passwords to burrow their way into a number of e-commerce sites, including that of the National Republican Senatorial Committee.

FastPOS malware goes modular, adds stealth to speed

As the holiday shopping season approaches, the newest iteration of point-of-sale malware FastPOS appears to have improved its evasion efforts by using modular architecture.

Vendetta Brothers scalable POS campaign revealed

Security researchers have uncovered a detailed cybercrime campaign against point-of-sale systems managed by two entrepreneurial criminals who have instituted the best practices of the global economy.

Hairy situation: Just For Men website rigged to redirect to RIG Exploit Kit

Executives at Combe Incorporated may have sprung a few new gray hairs after learning that the website for its Just for Men brand of hair coloring products was compromised to serve up malware.

Kimpton Hotels details data breach, dozens of properties impacted

The Kimpton Hotel chain officially notified its customers that its point-of-sale system servers had been infected with malware earlier this year, possibly exposing payment card information and cardholder names.

Misfortune cookie: Mr. Chow restaurants website hacked to distribute ransomware

The website for the upscale Mr. Chow restaurants has been compromised to deliver CrypMIC ransomware to visitors via the Neutrino Exploit Kit.

Jerry's Artarama hit with hack

A letter has gone out to customers of Jerry's Artarama advising that its online portal "may have been attacked" by a hacker and customer information "may have been compromised."

Dridex on the loose again, this time in Switzerland

The meteoric rise of Locky ransomware has not completely supplanted the distribution of the notorious Dridex malware.

After the breach: Settlement expected for 50M Home Depot customers

A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

In the latest data breach impacting the hospitality industry, cybercriminals installed malware in the point-of-sale systems of HEI Hotels & Resorts and checked out with customer data that likely includes payment card information.

Research firm finds MICROS hackers infected more POS vendors

Fresh off the discovery that hackers compromised the customer support portal for Oracle's MICROS point-of-sale systems, a new shocking report surfaced, revealing that at least five more POS vendors were similarly breached.

Kimpton Hotel chain investigating possible breach

Kimpton Hotels and Restaurants advised guests of a possible breach.

Point-of-sale experts bypass security measures in popular PIN pad, including EMV protections

After physically demonstrating how to hijack retail point-of-sale transactions - including those using EMV-standard chip cards - two security experts from NCR Corporation offered attendees at Black Hat critical tips on preventing such incidents in real life.

1.5M downloaded fake app Prisma from Google Play

A number of phony apps, masquerading as the popular photo-editing app Prisma, have been removed from the Google Play Store, but not before 1.5 million users downloaded the Android version.

POS-terminals become target of cyber-attacks in Russia this year

POS-terminals have increasingly become a target for cyber-attackers in Russia, posing a threat to ordinary buyers and shoppers, according to analysts at FinCERT.

Russian web hub Deer.io offering stolen goods and exploit services, report

A robust underground marketplace for the sale of stolen products from compromised accounts as well as shady online services has been detected in Russia.