Attacks/Breaches

11/13/2014
12:18 PM
Connect Directly
Google+
Twitter
RSS
E-Mail vvv
50%
50%

Retail Hacking: What To Expect This Holiday Season

Find out what retailers are doing (and not doing) to keep customers and transactions safe on Dark Reading Radio with guests with Nick Pelletier of Mandiant, and Arthur Tisi, CIO, Natural Markets Food Group.

Call it The Year of the Retail Breach.

It's been one year since Target suffered a massive data breach of 40 million customer credit and debit card numbers in an attack that rocked both the retail industry and consumer world. Target was only the beginning of what ultimately became a string of major hacks against big-name retailers that resulted in the theft of millions of customer payment card accounts. The list included Neiman Marcus, Michael's, Sally Beauty, P.F. Chang's, Dairy Queen, UPS, JimmyJohn's, Staples, and Home Depot, which all came clean this past year with breach disclosures. And it's very likely there are many more retailers that haven't yet disclosed attacks, as well as others that may not yet know.

Now that the holiday season is about to kick off both online and in brick-and-mortar stores, is yet another wave of attacks imminent? Not only is it prime shopping season, but it's also the time of year when retailers institute their annual "freeze" on new technology and some security patching to avoid disruption to their busiest and most lucrative revenue-generating time of the year, a strategy that could leave some stores even more at risk.

[After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner. Read Retailers Facing Intensified Cyberthreat This Holiday Season.]

Join us on Wednesday, November 19 at 1:00 p.m. ET (10:00 a.m. PT), when I will host the next episode of Dark Reading Radio, where we will explore the threats to holiday shoppers and retailers, and what retailers are doing (or not) to keep their systems and customers safe from cybercrime. My guests will be Nick Pelletier, senior consultant with Mandiant, who has conducted forensic investigations for retailers and other high-profile breach targets, and Arthur Tisi, co-founder and CEO at The Praescripto Group LLC, and former CIO for Natural Markets Food Group, who also serves as an advisor to the retail industry.

So register here now to listen to the broadcast next week. Have questions for our guests? Share them in the comments section below, or bring them along to the show. Both Nick and Arthur will join us in a live text chat following the broadcast, where you can ask them your burning questions about the upcoming holiday shopping cyberthreats.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/21/2014 | 8:26:36 AM
Missed the live DR Radio broadcast on retail hacking this holiday season? You're not too late..
Check out the radio broacast archive and chat transcript (including surpsise guest appearances in the chat room by Sean Mason, VP, Incident Response, Resolution1 Security  & Pat Carrol, Founder and Executive Chiarman of ValidSoft. I can guarantee you won't be disappointed! Here's the link: http://www.darkreading.com/radio.asp?webinar_id=162
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/17/2014 | 10:15:03 AM
Re: Breaches
There's never a perfect solution to any problem. But there's no doubt that we will have a lively discussion about where the retail industry is and where it is going on Wednesday on  Dark Reading radio. You've got a great lineup, Kelly. I'm excited for the discussion.... 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
11/14/2014 | 9:07:27 AM
Re: Breaches
I hear ya, @Bprince. Then I think of how we would worry about my grandpa carrying around wads of cash in his wallet--he didn't believe in credit cards and incurring debt. There's the physical security threat, which you rarely will get reimbursed for. No good answers here except due diligence and awareness, I suppose. Oh--and my never-use-debit rule. 
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/14/2014 | 8:53:41 AM
Breaches
It's almost enough to make me want to carry around cash a lot more.
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10869
PUBLISHED: 2018-07-19
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
CVE-2018-10870
PUBLISHED: 2018-07-19
redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.
CVE-2018-12959
PUBLISHED: 2018-07-19
The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account).
CVE-2018-14336
PUBLISHED: 2018-07-19
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.
CVE-2018-10620
PUBLISHED: 2018-07-19
AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code t...