Content about Computer security

August 21, 2014

Retailers working to improve their security posture have a new threat to consider: Backoff malware.

By Deena Coffman, IDT911 Consulting

Retailers working to improve their security posture have a new threat to consider: Backoff malware. Although its appearances have been traced back as early as October 2013, Backoff is still inflicting harm in the retail sector by actively targeting point-of-sale systems, and the United State is its favorite target, according to TrendMicro’s analysis.

July 31, 2014

The U.S. Department of Homeland Security is warning retailers about a new, nearly indetectable computer virus known as “Backoff” that poses a threat to POS systems.

Washington, D.C. – The U.S. Department of Homeland Security is warning retailers about a new, nearly indetectable computer virus known as “Backoff” that poses a threat to POS systems. According to an advisory from Homeland Security, most antivirus software cannot recognize Backoff.

July 28, 2014

The National Retail Federation, Retail Industry Leaders Association, Food Marketing Institute, Merchant Advisory Group, National Association of Convenience Stores, National Grocers Association, and National Restaurant Association are jointly calling for an open and universal tokenization standard in the U.S. payments system.

Washington, D.C. – The National Retail Federation (NRF), Retail Industry Leaders Association (RILA), Food Marketing Institute (FMI), Merchant Advisory Group, National Association of Convenience Stores (NACS), National Grocers Association, and National Restaurant Association (NRA) are jointly calling for an open and universal tokenization standard in the U.S. payments system.

June 24, 2014

A pound of prevention (which in this case means the use of chip-based payment cards, encryption of data stored in the enterprise, and restriction of third-party network access) is not a complete cure when it comes to improved data security for retailers, according to panelists at the recent CIO Symposium at the MIT Sloan School of Management in Cambridge, Massachusetts.

June 12, 2014

P.F. Chang’s China Bistro Inc. is the latest retailer to investigate a possible data breach.

Scottsdale, Ariz. — P.F. Chang’s China Bistro Inc. is the latest retailer to investigate a possible data breach.

The retailer emailed has been contacted by banks and law enforcement agencies about online reports that credit card and debit card numbers matching ones used at P.F. Chang’s locations between March and May 2o14 have appeared for sale on underground hacker websites.

Media reports indicate the U.S. Secret Service is also investigating the potential breach, although the Secret Service has not publicly commented.

 

June 10, 2014

Target Corp. has named Brad Maiorino as senior VP, chief information security officer, a new position added as the chain overhauls its security department in the wake of its data breach. Maiorino comes to Target from General Motors, where he was the company’s chief information security and information technology risk officer. Prior to that, he was the chief information security officer at General Electric.

Minneapolis — Target Corp. has named Brad Maiorino as senior VP, chief information security officer, a new position added as the chain overhauls its security department in the wake of its data breach.  Maiorino comes to Target from General Motors,  where he was the company’s chief information security and information technology risk officer.  Prior to that, he was the chief information security officer at General Electric.

May 7, 2014

Chain Store Age will host a webinar sponsored by Voltage Security on the steps retailers can take to secure their store and online networks against costly data breaches.

New York -- Chain Store Age will host a webinar sponsored by Voltage Security on the steps retailers can take to secure their store and online networks against costly data breaches. Speakers will also discuss key lessons learned from the recent breaches, and the latest developments in data security and retail fraud protection.
   

May 6, 2014

IBM has introduced comprehensive new security software and services to help organizations protect their critical data in an environment where advanced persistent threats, zero day attacks, breaches, and the financial impact on an organization continue to rise.

Armonk, N.Y. -- IBM has introduced comprehensive new security software and services to help organizations protect their critical data in an environment where advanced persistent threats, zero day attacks, breaches, and the financial impact on an organization continue to rise.

According to two IBM-commission studies, the average cost of a data breach increased by 15%, reaching an average of $3.5 million. The majority of companies surveyed say targeted attacks are the greatest threat, costing them on average $9.4 million in brand equity alone.

May 5, 2014

It has been about five months since the Target data breach made the vulnerability of retail POS data a hot topic. Investigation has since shown the Target breach did not involve POS terminals.

It has been about five months since the Target data breach made the vulnerability of retail POS data a hot topic. Investigation has since shown the Target breach did not involve POS terminals. However, high-profile thefts of customer payment card data from Target and other retailers including Neiman Marcus, Michaels and Sally Beauty Supply have highlighted the need for U.S. retailers to adopt the global Europass, MasterCard and Visa (EMV) standard for accepting payments from cards that store consumer information on secure embedded microchips, rather than on magnetic stripes.

May 1, 2014

The recent cyber attacks on Target, Neiman Marcus and Michaels Stores had an immediate and profound impact on sales, as well as a widespread and ongoing ripple effect on consumer confidence in the safety of credit-card information at point-of-sale terminals.

By Jason Fredrickson, Guidance Software

The recent cyber attacks on Target, Neiman Marcus and Michaels Stores had an immediate and profound impact on sales, as well as a widespread and ongoing ripple effect on consumer confidence in the safety of credit-card information at point-of-sale (POS) terminals.

April 29, 2014

Consumers avoid doing business with a breached organization at a high rate.

San Francisco - Consumers avoid doing business with a breached organization at a high rate. According to a new study conducted by Javelin Strategy & Research and commissioned by data management solution provider, Identity Finder, 33% of customers will shop elsewhere if their retailer of choice is breached.

April 23, 2014

Ever since the major retailer breaches last year, outsiders have been pointing fingers at the victim merchants demanding to know how something like this could happen. But cyber risk in the payment card industry is a problem greater than any one company.

By Erin Nealy Cox, Stroz Friedberg

April 18, 2014

If retailers want to address credit card breaches head-on, then they need to join the leaders already taking their systems off the radar of advanced malware based attacks — especially any retailer that's seen repeated attacks, which illustrate that traditional IT defenses simply don't cut the mustard.

By Mark Bower, Voltage Security

April 15, 2014

Target’s massive data breach continues to reverberate in the headlines, but in reality it’s just one of countless attacks that affect the retail industry on a daily basis.

By Jason Glassberg, co-founder of Casaba

Target’s massive data breach continues to reverberate in the headlines, but in reality it’s just one of countless attacks that affect the retail industry on a daily basis. Whether it’s highly sophisticated malware developed out of Russia, local hit-and-run point-of-sale thieves or insider threats, retailers must adapt to this increasingly risky environment.

March 31, 2014

Information security firm Trustwave Holdings Inc., which is being sued in connection with the Target Corp. data breach, is denying that it managed data security for Target.

Chicago – Information security firm Trustwave Holdings Inc., which is being sued in connection with the Target Corp. data breach, is denying that it managed data security for Target. In a letter to its business partners and clients, Trustwave CEO Robert McCullen said Trustwave did not monitor the Target data network or process credit card data from the retailer’s customers.

March 17, 2014

When preventing the type of data breaches that have recently gotten the names of several major retailers in the news for all the wrong reasons comes up, the discussion focuses almost exclusively on what type of technology should be employed to prevent them.

When preventing the type of data breaches that have recently gotten the names of several major retailers in the news for all the wrong reasons comes up, the discussion focuses almost exclusively on what type of technology should be employed to prevent them. IT is certainly a cornerstone of any retailer’s data security defense, but as explained in a Tech Boot Camp session at Chain Store Age’s 50th annual SPECS conference, a dose of common sense also goes a long way toward preventing unwanted visitors from entering your company’s network.

March 14, 2014

Target dropped prices on its monitored assortment by more than 20% during the days leading up to its confirmation of the data breach that compromised the security of 70 million customers’ personal information during the pre-holiday shopping season.

Ottawa, Canada - Target dropped prices on its monitored assortment by more than 20% during the days leading up to its confirmation of the data breach that compromised the security of 70 million customers’ personal information during the pre-holiday shopping season. According to data from 360pi analyzing approximately 830 products across eight categories, including TVs, tablets, digital cameras and more, Target dropped its prices by 18% between Dec. 14 and Dec. 17.

March 14, 2014

Target Corp. acknowledged its security software picked up on suspicious activity after a cyber attack was launched, but it decided not to take immediate action.

New York -- Target Corp. acknowledged its security software picked up on suspicious activity after a cyber attack was launched, but it decided not to take immediate action. The chain also advised that its security breach last year could be even more extensive than reported so far, Reuters reported.

March 13, 2014

Target Corp. reportedly had early notice of the holiday data breach that exposed the personal and financial information of millions of customers but did not act upon it.

Minneapolis – Target Corp. reportedly had early notice of the holiday data breach that exposed the personal and financial information of millions of customers but did not act upon it. According to Bloomberg, a $1.6 million security application called FireEye notified Target of a possible intrusion in to its network, but the retailer failed to respond.

March 6, 2014

Sally Beauty Holdings Inc., which sells cosmetics and hair care products both through salons and its own chain of more than 3,000 retail Sally Beauty Supply stores globally, is reporting that it discovered an attempted data breach.

Denton, Texas – Sally Beauty Holdings Inc., which sells cosmetics and hair care products both through salons and its own chain of more than 3,000 retail Sally Beauty Supply stores globally, is reporting that it discovered an attempted data breach.

February 11, 2014

The National Cyber Investigative Joint Task Force, a combined effort of the FBI, Secret Service, intelligence agencies, and the Department of Homeland Security, has released a report stating there is no evidence that recent data breaches in the computer networks of U.S., retailers are a deliberate attack on the U.S., economy.

Washington, D.C. – The National Cyber Investigative Joint Task Force, a combined effort of the FBI, Secret Service, intelligence agencies, and the Department of Homeland Security, has released a report stating there is no evidence that recent data breaches in the computer networks of U.S., retailers are a deliberate attack on the U.S., economy.

February 6, 2014

Increasingly, commercial heating, ventilation and air-conditioning (HVAC) and other building management systems in retail stores are connected to the Internet. And as recent events have shown, such systems (often called “smart systems”) also raise big security implications.

By Dwayne Melancon, chief technology officer, Tripwire

January 30, 2014

Target reportedly said a data breach at an unidentified vendor led to hackers obtaining phony credentials that allowed them to gain access to Target’s systems and steal the information for 40 million credit and debit cards, as well as the personal data of about 70 million consumers.

Minneapolis – Target reportedly said a data breach at an unidentified vendor led to hackers obtaining phony credentials that allowed them to gain access to Target’s systems and steal the information for 40 million credit and debit cards, as well as the personal data of about 70 million consumers. According to the Associated Press, Target did not offer any specific details on who the vendor was or how hackers obtained the credentials.

January 27, 2014

Secure data vault provider CertainStore is rolling out of a cybersecurity solution utilizing its proprietary micro-encryption/micro-tokenization technology to prevent the re-occurrence of recent malicious attacks on customer data.

Colorado Springs, Colo. – Secure data vault provider CertainStore is rolling out of a cybersecurity solution utilizing its proprietary micro-encryption/micro-tokenization technology to prevent the re-occurrence of recent malicious attacks on customer data.

January 24, 2014

The FBI has reportedly issued a confidential report to U.S. retailers warning that more cyber attacks like the ones recently suffered by Target and Neiman Marcus will occur.

Washington, D.C. – The FBI has reportedly issued a confidential report to U.S. retailers warning that more cyber attacks like the ones recently suffered by Target and Neiman Marcus will occur. According to Reuters, the three-page report was distributed Jan. 17 and informs retailers that the FBI has discovered in the past year there have been at least 20 attacks using the same type of malware used against Target.