Attacks/Breaches
11/13/2014
12:18 PM

Retail Hacking: What To Expect This Holiday Season

Find out what retailers are doing (and not doing) to keep customers and transactions safe on Dark Reading Radio with guests Nick Pelletier of Mandiant, and Arthur Tisi, CIO, Natural Markets Food Group.

Call it The Year of the Retail Breach.

It's been one year since Target suffered a massive data breach of 40 million customer credit and debit card numbers in an attack that rocked both the retail industry and consumer world. Target was only the beginning of what ultimately became a string of major hacks against big-name retailers that resulted in the theft of millions of customer payment card accounts. The list included Neiman Marcus, Michaels, Sally Beauty, P.F. Chang's, Dairy Queen, UPS, Jimmy John's, Staples, and Home Depot, which all came clean this past year with breach disclosures. And it's very likely there are many more retailers that haven't yet disclosed attacks, as well as others that may not yet know.

Now that the holiday season is about to kick off both online and in brick-and-mortar stores, is yet another wave of attacks imminent? Not only is it prime shopping season, but it's also the time of year when retailers institute their annual "freeze" on new technology and some security patching to avoid disruption to their busiest and most lucrative revenue-generating time of the year, a strategy that could leave some stores even more at risk.

[After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner. Read Retailers Facing Intensified Cyberthreat This Holiday Season.]

Join us on Wednesday, November 19 at 1:00 p.m. ET (10:00 a.m. PT), when I will host the next episode of Dark Reading Radio, where we will explore the threats to holiday shoppers and retailers, and what retailers are doing (or not) to keep their systems and customers safe from cybercrime. My guests will be Nick Pelletier, senior consultant with Mandiant, who has conducted forensic investigations for retailers and other high-profile breach targets, and Arthur Tisi, co-founder and CEO at The Praescripto Group LLC, and former CIO for Natural Markets Food Group, who also serves as an advisor to the retail industry.

So register here now to listen to the broadcast next week. Have questions for our guests? Share them in the comments section below, or bring them along to the show. Both Nick and Arthur will join us in a live text chat following the broadcast, where you can ask them your burning questions about the upcoming holiday shopping cyberthreats.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
Comments
Marilyn Cohodas,
User Rank: Strategist
11/21/2014 | 8:26:36 AM
Missed the live DR Radio broadcast on retail hacking this holiday season? You're not too late.
Check out the radio broadcast archive and chat transcript (including surprise guest appearances in the chat room by Sean Mason, VP, Incident Response, Resolution1 Security & Pat Carroll, Founder and Executive Chairman of ValidSoft). I can guarantee you won't be disappointed! Here's the link: http://www.darkreading.com/radio.asp?webinar_id=162
Marilyn Cohodas,
User Rank: Strategist
11/17/2014 | 10:15:03 AM
Re: Breaches
There's never a perfect solution to any problem. But there's no doubt that we will have a lively discussion about where the retail industry is and where it is going on Wednesday on Dark Reading radio. You've got a great lineup, Kelly. I'm excited for the discussion....
Kelly Jackson Higgins,
User Rank: Strategist
11/14/2014 | 9:07:27 AM
Re: Breaches
I hear ya, @Bprince. Then I think of how we would worry about my grandpa carrying around wads of cash in his wallet--he didn't believe in credit cards and incurring debt. There's the physical security threat, which you rarely will get reimbursed for. No good answers here except due diligence and awareness, I suppose. Oh--and my never-use-debit rule. 
Bprince,
User Rank: Ninja
11/14/2014 | 8:53:41 AM
Breaches
It's almost enough to make me want to carry around cash a lot more.