Retail – Page 12 – WindowsTechs.com

Hide it well or market it well: Two reports show how point-of-sale malware has users in mind

Posted on March 14, 2019 by Jeff Stone

Sometimes the little things can help cybercriminals separate their wares from the pack. It could be an uncommon feature in the malware itself, or it could just be a new way to market a familiar strategy. In unrelated reports Wednesday, cybersecurity companies detailed DMSniff, which takes a new approach to remaining stealthy as it steals point-of-sale (POS) information from consumers, as well as GlitchPOS, which steals credit-card information in a familiar way but comes with an instructional video from its creators. Threat intelligence company Flashpoint reports that DMSniff has quietly been in active use since 2016 thanks in part to a domain generation algorithm, which allows hackers to continue siphoning data from a web page even after police or researchers have taken hackers’ domain pages offline. Flashpoint notes that the use of such an algorithm is “rarely seen” in the smash-and-grab world of POS malware, where thieves typically distribute malware to as many sites as possible and […]

The post Hide it well or market it well: Two reports show how point-of-sale malware has users in mind appeared first on CyberScoop.

Continue reading Hide it well or market it well: Two reports show how point-of-sale malware has users in mind→

Up to 40 percent of traffic on ticket sites is automated. Here’s why that’s bad for security.

Posted on February 28, 2019 by Jeff Stone

If you have rushed to score exclusive concert tickets online, the chances of you competing against a human are dwindling. According to new research, nearly 40 percent of traffic to ticketing websites is made up of bots, automated programs used by brokers and cybercriminals to do everything from denying customers inventory and scalping tickets to taking over customer accounts to commit fraud. An analysis of 26.3 billion requests from 180 websites reveals that bad bots made up 39.9 percent of ticketing traffic between September and December 2018, according to the bot mitigation company Distil Networks. Seventy-eight percent of bots evaded detection by relying on human-like behavior, and most (42.2 percent) targeted the primary ticket markets, compared to 23.9 percent that hit secondary markets. Distil suggested this kind of bot traffic hurts ticket sellers by making it more difficult to purchase tickets, which results in frustrated fans and artists complaining on […]

The post Up to 40 percent of traffic on ticket sites is automated. Here’s why that’s bad for security. appeared first on CyberScoop.

Continue reading Up to 40 percent of traffic on ticket sites is automated. Here’s why that’s bad for security.→

IBM Warns Retailers of Trojan Threat

Posted on February 12, 2019 by Michael Vizard

IBM has issued a cybersecurity advisory warning about an attack method originally developed for defraud banks that now is being applied to the retail sector. Limor Kessem, global executive security advisor for IBM Security, said the two-step IcedID Tr… Continue reading IBM Warns Retailers of Trojan Threat→

Hackaday Links: February 10, 2019

Posted on February 11, 2019 by Brian Benchoff

Last month was NAMM, the National Association of Musical Something that begins with ‘M’, which means we’re synthed and guitarded out for the year. The synth news? Behringer are making cheap reproductions and clones of vintage gear. There’s something you need to know about vintage gear: more than half of everything produced today has a Roland 808 or 909 drum machine (or sample), a 303 bass synth, or a 101 mono synth in it. Put an 808, 909, 303, and 101 on the same table, connected to a mixer, and you can make most of the electronic music from the …read more

Continue reading Hackaday Links: February 10, 2019→

IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites

Posted on February 6, 2019 by Itzik Chimino

The X-Force research team investigated the IcedID Trojan’s two-step injection attack that enables it to steal access credentials and payment card data from e-commerce customers in North America.

The post IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites appeared first on Security Intelligence.

Continue reading IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites→

Retail technology platform Relex raises $200M from TCV

Posted on February 6, 2019 by Ingrid Lunden

Amazon’s formidable presence in the world of retail stems partly from the fact that it’s just not a commerce giant, it’s also a tech company — building solutions and platforms in house that make its processes, from figuring out what to sell, to how much to have on hand and how best to distribute it […] Continue reading Retail technology platform Relex raises $200M from TCV→

Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand

Posted on January 21, 2019 by Pier Luigi Rotondo

When framed as an innovative, even “cool” feature, multifactor authentication can deliver the security online retail customers demand without diminishing the user experience.

The post Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand appeared first on Security Intelligence.

Continue reading Multifactor Authentication Delivers the Convenience and Security Online Shoppers Demand→

The Success of Your Business Depends on Digital Trust. Here Is How to Measure It

Posted on January 16, 2019 by Kami Haynes

As consumers become more aware of their data privacy, organizations across sectors are under increasing pressure to deliver frinctionless digital trust.

The post The Success of Your Business Depends on Digital Trust. Here Is How to Measure It appeared first on Security Intelligence.

Continue reading The Success of Your Business Depends on Digital Trust. Here Is How to Measure It→

Phishing Tactic Hides Tracks with Custom Fonts

Posted on January 4, 2019 by Lindsey O'Donnell

The phishing campaign is using a new technique to hide the source code of its landing page – and stealing credentials from customers of a major U.S.-based bank. Continue reading Phishing Tactic Hides Tracks with Custom Fonts→

The Gift That Keeps on Giving: PCI Compliance for Post-Holiday Season Returns

Posted on January 3, 2019 by Douglas Bonderud

Holiday spending is on the rise both in-store and online. How can retailers ensure PCI compliance to manage large transaction volumes and post-holiday refunds?

The post The Gift That Keeps on Giving: PCI Compliance for Post-Holiday Season Returns appeared first on Security Intelligence.

Continue reading The Gift That Keeps on Giving: PCI Compliance for Post-Holiday Season Returns→