Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers

Threatpost

The copycat sites are using valid certificates to be more convincing.

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Founded in 1856, privately-held Orvis is the oldest mail-order retailer in the United States.


Are Data Breaches the New Reality for Retail?

Thales eSecurity

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. retailers experiencing a breach in the last year.

How data breaches are affecting the retail industry

IT Governance

Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them? The data included contact information, usernames and encrypted passwords.

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of Them

Thales eSecurity

Retailers and shoppers are leveraging and enjoying many benefits data sharing brings: loyalty programs, personalized experiences, easier product location and ordering, online shopping, mobile access and the list goes on. Competition is one of many challenges retailers face and while that’s nothing new, the data-driven approach online and brick-and-mortar merchants use today is evolving quickly with transformative technology capabilities. Business is booming and data is flowing.

Retail has a multi-cloud problem…with sensitive data

Thales eSecurity

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them. Encryption technologies are the top tools needed.

The Countdown to Black Friday Has Begun. Are Retailers and Consumers Ready?

Thales eSecurity

So before the shopping frenzy begins, we thought this would be an opportune time to outline some best practices that both retailers and consumers should follow in order to protect consumer data. As convenience technologies evolve, look for more risks to consumers and retailers.

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. And I certainly agree that the benefits of a standardized encryption algorithm that we all trust and use outweigh the cost by orders of magnitude.

Data: E-Retail Hacks More Lucrative Than Ever

Krebs on Security

Traditionally, the average price for card data nabbed from online retailers — referred to in the underground as “CVVs” — has ranged somewhere between $2 and $8 per account. In contrast, the value of “dumps” — hacker slang for card data swiped from compromised retail stores, hotels and restaurants with the help of malware installed on point-of-sale systems — has long hovered around $15-$20 per card.


Forever 21 Found Malware and Encryption Disabled on its PoS Devices

Dark Reading

The retailer found signs of unauthorized access and malware installed on point-of-sale devices during an investigation into last year's data breach.

Neiman Marcus Settles Lawsuit Over Payment Card Breach

Data Breach Today

Agreement With 43 States Requires Retailer to Use Encryption, Tokenization

Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. The retailer will pay $1.5 million and must use encryption and tokenization to protect card data.


UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Hunton Privacy

On January 8, 2017, the UK Information Commissioner (“ICO”) issued an unprecedented monetary penalty of £400,000 against British mobile phone retailer, The Car Phone Warehouse Limited. The encryption keys for historical transactions were not stored safely.

The importance of encryption in complying with Australia’s Privacy Amendment Act

Thales eSecurity

Around the same time, US fashion retailer Forever 21 admitted that hackers had collected customers’ credit card information from its stores’ point of sale terminals over much of 2017, and the information of nearly 1.2 One thing all of these incidents have in common is how accessible the leaked information was after the breaches themselves occurred, something that could have been avoided had the data been encrypted.

Marriott Starwood hack affects 500 million customers

IT Governance

Encrypted payment card numbers. Hotel giant Marriott has confirmed that its Starwood Hotels & Resorts guest reservation database has been hacked by an unauthorised party.

Adidas data breach

IT Governance

In its statement, Adidas said: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords.” If you would like more information on how to do this, request a call with one of our retail experts.

FIFA caught hook, line and sinker in phishing attack

IT Governance

While many of us can appreciate his perspective, the fact remains that there are effective tools and systems that organisations can employ to reduce the risks when sharing information, such as encryption, password controls and permissions settings.

Dixons Carphone: 5.9 million payment cards compromised

IT Governance

At this point, the major consumer electronics retailer said there was no evidence of any fraud. The retailer’s chief executive, Alex Baldock, has apologised for the data breach and admitted that the firm has failed its customers. This isn’t the first time that the retailer has suffered a data breach. The data accessed included names, addresses, dates of birth, email addresses and bank details, as well as the encrypted card details of 90,000 people.

Retailers must upgrade online credit card processing security by June 30

Data Protection Report

By June 30, 2018, retailers accepting digital (online) credit card transactions must cease using encryption protocols known as SSL or TLS 1.0. Retailers must transition to TLS 1.1 Encryption protocol TLS 1.0 so upgrading encryption may involve more than a quick protocol fix. The PCI Security Standard Council has offered guidance on moving to higher encryption protocols, including an infographic.

Safely adopting technology in the hospitality industry

IT Governance

They also offer other compelling benefits, such as unlimited data storage, encryption, technical support and reduced demand for internal hardware. The hospitality sector has embraced consumer-facing technology.

Morrisons loses data leak appeal

IT Governance

Supermarket giant Morrisons has lost the latest round in the legal battle for compensation by thousands of its staff whose personal details were leaked on the Internet.

Sailing the cyber security waves

IT Governance

This could include: Staff training; Limiting user privileges; Keeping systems up to date; Implementing encryption methodologies; and. Ships have experienced a digital transformation in recent years. New technologies are helping them navigate the waters and ensure that everyone on board experiences the connectivity and convenience they expect.

Experts report a rampant growth in the number of malicious, lookalike domains

Security Affairs

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. Ahead of the holiday shopping season, security experts from Venafi conducted a study of typosquatted domains used to target 20 major retailers in the United States, the United Kingdom, Australia, Germany, and France. Over half (60%) of the look-alike domains studied use free certificates from Let’s Encrypt.

Robot receptionists aren’t the answer: Why the hotel industry should rethink its approach to smart technology

IT Governance

For example, 29% of hotels didn’t encrypt initial links containing booking IDs and references to customers, which could enable crooks to eavesdrop and steal these details. The hospitality sector has been clamouring for technological innovation recently, with organisations eager to find novel ways to improve the customer experience. You might have heard about Connie, a Watson-enabled robot concierge that’s been introduced at the Hilton in McLean, Virginia.

Addition to Washington Breach Law Imposes Retailer Liability in Payment Card Breaches

Hunton Privacy

For example, there is no liability if the account information was encrypted at the time of the breach. Under a Washington law effective July 1, 2010, certain entities involved in payment card transactions may be liable to financial institutions for costs associated with reissuing payment cards after security breaches. Designed to encourage the reissuance of payment cards as a means of mitigating harm caused by security breaches, Washington H.B.

Data Stewards, Say Goodbye to Painful, Rules-based Matching.

Reltio

You can generate on demand with background re-encryption of data using the new keys or automatically, according to a schedule. Bring on the data and teach the machine to make your life easier. Too much data, too little time! Today’s data management problem is not one of lack, but that of excess.


Report Shows Major Security Holes in Banking Apps

Adam Levin

The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency. Other findings included improperly secured database commands (capable of allowing man-in-the-middle attacks), weak encryption, and the ability to reverse-engineer the app code into a readable format.

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

But typically, such breaches occur when cybercriminals manage to remotely install malicious software on a retailer’s card-processing systems. “These locations have different point-of-sale systems than those located at our grocery stores, drugstores and inside our convenience stores, which utilize point-to-point encryption technology for processing payment card transactions,” Hy-Vee said. “This encryption technology protects card data by making it unreadable.


Wawa Breach May Have Compromised More Than 30 Million Payment Cards

Krebs on Security

Gemini’s director of research Stas Alforov stressed that some of the 30 million cards advertised for sale as part of this BIGBADABOOM batch may in fact be sourced from breaches at other retailers, something Joker’s Stash has been known to do in previous large batches.


Business Continuity Plans Must Evolve for the Post-COVID World

InfoGoTo

Many employees have been forced to connect to business networks from computers that lack company-sanctioned software, up-to-date malware protection, encryption controls and secure email clients. The pandemic has revealed a painful downside to just-in-time inventory management as some retailers and manufacturers were caught flat-footed when their suppliers were shut down by illness or government mandate.


Ransomware at IT Services Provider Synoptek

Krebs on Security

based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

GUEST ESSAY: 3 key ingredients to stress-free compliance with data handling regulations

The Last Watchdog

Encryption provides an extra layer of security and control over your data, as well as the systems holding and transmitting your data. This enables regulatory compliance with HIPAA for healthcare organizations, PCI DSS for retailers, and other regulations. Data encryption also allows your employees to continue sharing files through familiar systems like email. For complete control of your encrypted data, you must have sole access to your encryption keys.

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

The Last Watchdog

The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. Cybercriminals have begun escalating their efforts to bend the legitimate online advertising and retailing fulfillment ecosystem to their whims. Hark back two decades, Olson says, and the software that website publishers deployed to conduct online advertising and retail transactions was 80 percent homegrown.


Key Ring digital wallet exposes data of 14 Million users in data leak

Security Affairs

The images include scans of government-issued IDs, retail club membership and loyalty cards, NRA membership cards, gift cards, credit cards with all details exposed (including CVV), medical insurance cards, medical marijuana ID cards, and more.

SHEIN Data breach affected 6.42 million users

Security Affairs

Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach.

Croatia’s largest petrol station chain INA group hit by ransomware attack

Security Affairs

Fuel sales at our retail locations continue unhindered. “Multiple sources have told ZDNet the cyber-attack is a ransomware infection that infected and then encrypted some of the company’s backend servers.”

Report: Threat of Emotet and Ryuk

Security Affairs

Analyzing the general distribution of the compromised domains, grouped by category, it is possible to verify that the most affected were as follows: professional/companies (20.2%), personal (13.5%), retail (12.7%) and industry (11.9%).

The Future of Payments? Frictionless.

Thales eSecurity

With an estimated $500 billion retail market spend per year, what’s next for the payments industry as a whole? Consumers today live in the world of Amazon and online shopping and the need for effortless speed is ever-growing thanks to the retail giant. For example, in our annual Data Threat Report we found that 97% of respondents are storing sensitive data in digitally transformative environments, but only 30% are deploying encryption.

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” the FBI warned.

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

Randleman Eye Center says some files were encrypted in cyber attack (unknown). India-based electronics retailer Vijay Sales made to pay for misconfigured database (unknown). Financial companies embroiled in massive data leak after failing to encrypt info (500,000).

Freedom Mobile data breach impacts at least 15,000 customers

Security Affairs

All the data was encrypted. Freedom Mobile attempted to downplay the incident saying that the total records stored in the unprotected database were related to only 15,000 customers who had opened or made any changes to their accounts at 17 Freedom Mobile retail locations between March 25 and April 16. Canadian Freedom Mobile mobile network operator exposed the details of many customers, including their payment card data.