Attacks/Breaches

11/13/2014
12:18 PM

Retail Hacking: What To Expect This Holiday Season

Find out what retailers are doing (and not doing) to keep customers and transactions safe on Dark Reading Radio, with guests Nick Pelletier of Mandiant and Arthur Tisi, CIO, Natural Markets Food Group.

Call it The Year of the Retail Breach.

It's been one year since Target suffered a massive data breach of 40 million customer credit and debit card numbers in an attack that rocked both the retail industry and consumer world. Target was only the beginning of what ultimately became a string of major hacks against big-name retailers that resulted in the theft of millions of customer payment card accounts. The list included Neiman Marcus, Michaels, Sally Beauty, P.F. Chang's, Dairy Queen, UPS, Jimmy John's, Staples, and Home Depot, which all came clean this past year with breach disclosures. And it's very likely there are many more retailers that haven't yet disclosed attacks, as well as others that may not yet know.

Now that the holiday season is about to kick off both online and in brick-and-mortar stores, is yet another wave of attacks imminent? Not only is it prime shopping season, but it's also the time of year when retailers institute their annual "freeze" on new technology and some security patching to avoid disruption to their busiest and most lucrative revenue-generating time of the year, a strategy that could leave some stores even more at risk.

[After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner. Read Retailers Facing Intensified Cyberthreat This Holiday Season.]

Join us on Wednesday, November 19 at 1:00 p.m. ET (10:00 a.m. PT), when I will host the next episode of Dark Reading Radio, where we will explore the threats to holiday shoppers and retailers, and what retailers are doing (or not) to keep their systems and customers safe from cybercrime. My guests will be Nick Pelletier, senior consultant with Mandiant, who has conducted forensic investigations for retailers and other high-profile breach targets, and Arthur Tisi, co-founder and CEO at The Praescripto Group LLC, and former CIO for Natural Markets Food Group, who also serves as an advisor to the retail industry.

So register here now to listen to the broadcast next week. Have questions for our guests? Share them in the comments section below, or bring them along to the show. Both Nick and Arthur will join us in a live text chat following the broadcast, where you can ask them your burning questions about the upcoming holiday shopping cyberthreats.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
Comments
Marilyn Cohodas,
User Rank: Strategist
11/21/2014 | 8:26:36 AM
Missed the live DR Radio broadcast on retail hacking this holiday season? You're not too late.
Check out the radio broadcast archive and chat transcript (including surprise guest appearances in the chat room by Sean Mason, VP, Incident Response, Resolution1 Security & Pat Carrol, Founder and Executive Chairman of ValidSoft). I can guarantee you won't be disappointed! Here's the link: http://www.darkreading.com/radio.asp?webinar_id=162
Marilyn Cohodas,
User Rank: Strategist
11/17/2014 | 10:15:03 AM
Re: Breaches
There's never a perfect solution to any problem. But there's no doubt that we will have a lively discussion about where the retail industry is and where it is going on Wednesday on Dark Reading radio. You've got a great lineup, Kelly. I'm excited for the discussion....
Kelly Jackson Higgins,
User Rank: Strategist
11/14/2014 | 9:07:27 AM
Re: Breaches
I hear ya, @Bprince. Then I think of how we would worry about my grandpa carrying around wads of cash in his wallet--he didn't believe in credit cards and incurring debt. There's the physical security threat, which you rarely will get reimbursed for. No good answers here except due diligence and awareness, I suppose. Oh--and my never-use-debit rule. 
Bprince,
User Rank: Ninja
11/14/2014 | 8:53:41 AM
Breaches
It's almost enough to make me want to carry around cash a lot more.