Homeland Security Advisory - More Than 1,000 Businesses Hit by Same Cyber Attack as Target - More Retailers Will Be Announcing Breaches - Government urges retailers to scan Your POS systems!  More than 1,000 American businesses have been affected by the cyberattack that hit the in-store cash register systems at Target, Supervalu and most recently UPS Stores, the Department of Homeland Security said in an advisory released on Friday. The attacks were much more pervasive than previously reported, the advisory said, and hackers were pilfering the data of millions of payment cards from American consumers without companies knowing about it. The breadth of the breaches, once considered limited to a handful of businesses, underscored the vulnerability of payment systems widely used by retail stores across the country. On July 31, Homeland Security, along with the Secret Service, the National Cybersecurity and Communications Integration Center and their partners in the security industry, warned companies to check their in-store cash register systems for a malware package that security experts called Backoff after a word that appeared in its code. Until that point, Backoff malware and variations of it were undetectable by antivirus products. Since then, seven companies that sell and manage in-store cash register systems have confirmed to government officials that they each had multiple clients affected, the government said Friday. Some of those clients, like UPS and Supervalu, have stepped forward, but most have not. That means at least 5 more retailers will be announcing soon! (Source nytimes.com)

'Backoff' is the new standard by which other malware will be judged - Remote Access is killing the retailers!  Backoff works by allowing further remote control of the infected system, grabbing credit card data out of memory, writing files with sensitive authentication data, and transmitting the stolen information using standard HTML posts. There is nothing particularly innovative about how Backoff works, but the completeness of its design and simplicity has allowed some of the biggest credit card thefts in history. Hackers can easily obtain a copy of Backoff from the Internet; it is streamlined so that it causes few issues installing it on a remote machine; and it was well written so that it is extremely effective at stealing data once it is in place. The key to defeating Backoff is by embracing basic security measures which too many retailers have ignored regardless of initiatives like the Payment Card Industry Data Security Standard (PCI). First and foremost, make sure that remote access is secure. (Source retailcustomerexperience.com)

Lessons learned from UPS Store breach - Make a list of the employees and vendors with remote access and restrict their privileges to those resources that are absolutely necessary Also, passwords should be changed at least every six months and when vendors are dropped or employees leave, their credentials should be revoked immediately Experts have a long list of suggestions for retailers to avoid security breaches. A protective technology recommended for POS systems is white-listing software that blocks any unknown code from executing. "Whitelisting works really well in environments where the software that should be running is very restrictive, such as a point-of-sale terminals," Wysopal said. Requirements could include an approved POS system, regular installation of updates and patches, regular password changes, controls for limiting employee and vendor access and regular security training for franchise owners, managers and POS workers. "A lot of these breaches are because of people who just don't know the risks." (Source csoonline.com)

Feeding The Credit Card Fraud Epidemic - The crime that keeps growing and won't go away - It's a mad rush to hit the U.S. before EMV  At the end of the day all of these data breaches keep feeding the credit card fraud epidemic hitting the U.S. With cases in every city across America and no end in site. Millions of cards roaming the internet worldwide and the U.S. with a bulls eye squarely planted on every business that takes online payments, keeps patient data, and has POS systems. This is a war and Russian crime gangs are waging it against us.

NYPD urged to outfit officers with body cameras
City Public Advocate Letitia James on Thursday proposed a pilot program that would outfit dozens of New York Police Department officers in high-crime precincts with body-mounted cameras. While not making the final selection, Ms. James's office is testing two brands of cameras that are the size of a pager and cost between $400 and $900 each. In other cities where the cameras are used—such as New Orleans and San Diego—Ms. James said they have helped reduce the burden of civil suits against police. (Source wsj.com)

Dollar General releases statement on Family Dollar rebuff - says their proposal is superior to Dollar Tree's

Activist Investor Presses Ann Taylor for a Sale

Burger King in Talks to Buy Tim Hortons and Move to Canada

Macy's Said Near Deal in China - with Abu Dhabi store on the boards as well - first full-line store abroad

Quarterly Same Store Sales Results
Tuesday Morning Q2 up 7.4% with net sales up 5.2%
Foot Locker Q2 up 7% withy total sales up 12.9%
Ann Q2 down 2.3% with net sales up 1.6%
Aeropostale Q2 down 13% with net sales down 13%

Last week's most popular news article --



Kroger pressured to ban open-carry guns in stores  The fight over whether shoppers should be allowed to tote guns openly in American businesses is about to spill into the aisles of Kroger, the nation's largest supermarket chain. Moms Demand Action for Gun Sense in America, a national gun control organization backed by former New York Mayor Michael Bloomberg, will kick off a campaign this week that seeks to pressure the grocery giant to ban the open carry of firearms in all of its nearly 2,500 stores. (Source huffingtonpost.com)

All the News - One Place - One Source - One Time
The D&D Daily respects your time & doesn't filter retail's reality
 

E-retailers lead the way on e-mail security
The web sites of the Top 100 e-retailers, as included in the Internet Retailer Top 500 Guide, are outpacing other industries—such as social networks, government organizations, financial institutions and news outlets—in terms of implementing e-mail security standards, according to the Online Trust Alliance’s Email Integrity Audit, a companion to the recently released annual Online Trust Honor Roll, which analyzes the trustworthiness of web sites based on data protection, privacy and security. The report focuses on e-mail security and privacy protection practices of more than 800 web sites, including those maintained by merchants in the Internet Retailer Top 500 Guide. The report also analyzed more than 100 million e-mail headers. The report tested sites for two standard e-mail security protocols: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). “These protocols work to complement each other to help verify that the email is authorized by the owner of the domain used,” the report says. SPF describes where a domain’s e-mail should be coming from. DKIM uses cryptography to sign messages originating from a server. Among the Internet Retailer Top 100, 100% of the sites tested use SPF or DKIM, and 88.0% use both of the protocols—the highest percentage of any industry tested. (Source internetretailer.com)
 

Northern California online ID & credit card Vendor - Thief gets 100 months in federal prison  Makyl Haggerty, also known as “Wave” and “G5,” must also pay $50.5 million in restitution for his part in the identity theft and credit card fraud ring known as “Carder.su.” Carder.su members trafficked in compromised credit card account data and counterfeit identifications, and committed money laundering, drug trafficking and various computer crimes. He worked as a vendor on the organization’s websites and sold about 1,000 counterfeit identification documents and counterfeit credit cards to other Carder.su members. The 24-year-old Oakland resident made and sold counterfeit driver’s licenses for at least 15 states and British Columbia. Fifty-six people were charged in four indictments in Operation Open Market, which targeted the Carder.su organization. So far 25 people have been convicted. The rest are either fugitives or awaiting trial. (Source reviewjournal.com)

Two ORC suspects sought hitting Sam's Club in Shreveport, La. for thousands in electronics in multiple thefts  Nathan C. Stachmus and Missy Lepitre, both 30, have been named as suspects in a series of thefts from the Sam's club located in the 7400 block of Youree Drive. Back on June 28, Stachmus is captured on surveillance video entering the business and removing thousands of dollars in electronics before walking out of the business. On a number of occasions, Stachmus is observed traveling with Lepitre, who apparently serves as an accomplice during the commission of the thefts. The suspects are suspected of thefts which have also occurred in other states in the southern region. The couple is believed to reside in the Hot Springs, Arkansas, area but frequents the Shreveport-Bossier City area. Arrest warrants for the couple have been signed charging the duo with Felony theft. (Source shreveporttimes.com)

Female ORC suspect hitting Walmart stores in several states Between Florida and Missouri for tens of thousands in electronics  New images have been made available showing a brazen thief making off with tens of thousands of dollars in new electronics from three Walmarts in the region late last week. The suspect walks into the store, grabs a cart and uses whatever she can find and smashes the display case and throws everything in the cart and casually walks out of the store,” said LaHay. “She typically wears nurse type scrubs and even has a name tag pinned on her uniform. That time (of the night) the buffer machines are running and there is only one clerk at the registers, so she waits until their head is turned to walk out of the store.” There were three Walmart’s in the region hit Friday morning: High Ridge, Desoto and Potosi, MO. Local authorities were joined by multiple jurisdictions across the United States searching for a Chrysler minivan and its occupant or occupants. The driver and other possible passengers are wanted for stealing thousands of dollars in merchandise. (Source dailyjournalonline.com)

Best Buy employee, boyfriend charged in identity theft ring in Gwinnett Co. GA  Investigators say Adriana Orellana ran applications for iPhone and Verizon service using the names and information from victims her boyfriend had stolen the identities from. Christopher Verdell is behind bars. Both he and Orellana are charged in three cases where police say they have video showing the couple committing the crimes at the Best Buy store on Pleasant Hill Road in Duluth. Gwinnett County police reports show Best Buy internal security suspects there are as many as 30 additional incidents at the Pleasant Hill store and another store in Atlanta where a relative of Orellana's works. (Source wsbtv.com)

Credit card fraud International Gang arrested in Dubai
Police say they have arrested three of five members of an international gang that uses high-tech equipment in ATMs to steal credit card data. The suspects were detected by Dubai Police as part of an operation “Ramadan Cannon” The other two suspects are being pursued in a European country in collaboration with Interpol. Dubai Police said the gang made sure it never sent the same member to a target country twice, and never used data from the stolen credit card in the country in which it was issued. He said the suspects caught in Dubai had almost 60 stolen cards in their possession when arrested. Dubai Police said the gang would plant a device equipped with a scanner and a camera in ATMs to scan credit card data as clients conducted transactions. They would then provide the data to their accomplices in Europe to produce fake cards. The suspects are wanted in European countries and North America. (Source thenational.ae)

Macy's employee arrested in $50,000 Michael Kors scheme
An employee at the Macy’s store in Palm Beach Gardens, Florida, is accused of stealing more than $50,000 worth of merchandise from the store over a one-year period starting last August, according to an arrest report made public Friday. Odell Tripp of West Palm Beach, 25, began stealing Michael Kors handbags and wallets in August 2013, swiping $36,000 worth of merchandise in the first six months, the report said. This year he allegedly stole about $14,000 worth of the products. City police were informed of the thefts by an anonymous woman who said Tripp had been selling the merchandise “on the streets.” (Source palmbeachpost.com)

Belk Employee and Co-Conspirator arrested for Fraud Scheme in Rock Hill, NC
A Belk employee and an alleged co-conspirator were arrested Friday in connection to a fraud scheme, according to a Rock Hill Police report. A Belk loss prevention worker claimed that Mark Thomas, 23, who is a cashier for the Galleria store, and Tazhane Atkins, 21, sought to exchange items with the wrong price tags for a refund total of $2706.89. Police viewed surveillance video showing Thomas and Atkins had committed similar incidents for two months.  (Source islandpacket.com)

Two Brooklyn, N.Y., men busted using 11 fake credit cards over two days buying gift cards in Vermont

Four suspects arrested for ORC stealing cartons of cigarettes from Walmart in Houston
 

Job Opening

Company

Location

Origination
 

National Account Mgr

Confidential

Northeast

Downing & Downing

Job Opening

Company

Location

Origination

Last week's most popular articles--

Uncomfortable Being the Boss? 5 Tips to Help  There's a lot on your plate and a lot that you are responsible for when you are the boss. Maybe it doesn't always feel right, or maybe you're more of a persuader, not a commander. Here are some tips to help you be in charge. (Ask for help)

Fixing a Work Relationship Gone Sour
Sometimes you get stuck in a rut with someone at work, whether it's a boss or a coworker. Maybe the two of you had a falling out or maybe you two just don't get along. Instead of calling it a lost cause, use these steps to take action and start anew. (Neutral ground)