Attacks/Breaches

11/13/2014
12:18 PM
Connect Directly
Google+
Twitter
RSS
E-Mail vvv
50%
50%

Retail Hacking: What To Expect This Holiday Season

Find out what retailers are doing (and not doing) to keep customers and transactions safe on Dark Reading Radio with guests with Nick Pelletier of Mandiant, and Arthur Tisi, CIO, Natural Markets Food Group.

Call it The Year of the Retail Breach.

It's been one year since Target suffered a massive data breach of 40 million customer credit and debit card numbers in an attack that rocked both the retail industry and consumer world. Target was only the beginning of what ultimately became a string of major hacks against big-name retailers that resulted in the theft of millions of customer payment card accounts. The list included Neiman Marcus, Michael's, Sally Beauty, P.F. Chang's, Dairy Queen, UPS, JimmyJohn's, Staples, and Home Depot, which all came clean this past year with breach disclosures. And it's very likely there are many more retailers that haven't yet disclosed attacks, as well as others that may not yet know.

Now that the holiday season is about to kick off both online and in brick-and-mortar stores, is yet another wave of attacks imminent? Not only is it prime shopping season, but it's also the time of year when retailers institute their annual "freeze" on new technology and some security patching to avoid disruption to their busiest and most lucrative revenue-generating time of the year, a strategy that could leave some stores even more at risk.

[After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner. Read Retailers Facing Intensified Cyberthreat This Holiday Season.]

Join us on Wednesday, November 19 at 1:00 p.m. ET (10:00 a.m. PT), when I will host the next episode of Dark Reading Radio, where we will explore the threats to holiday shoppers and retailers, and what retailers are doing (or not) to keep their systems and customers safe from cybercrime. My guests will be Nick Pelletier, senior consultant with Mandiant, who has conducted forensic investigations for retailers and other high-profile breach targets, and Arthur Tisi, co-founder and CEO at The Praescripto Group LLC, and former CIO for Natural Markets Food Group, who also serves as an advisor to the retail industry.

So register here now to listen to the broadcast next week. Have questions for our guests? Share them in the comments section below, or bring them along to the show. Both Nick and Arthur will join us in a live text chat following the broadcast, where you can ask them your burning questions about the upcoming holiday shopping cyberthreats.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/21/2014 | 8:26:36 AM
Missed the live DR Radio broadcast on retail hacking this holiday season? You're not too late..
Check out the radio broacast archive and chat transcript (including surpsise guest appearances in the chat room by Sean Mason, VP, Incident Response, Resolution1 Security  & Pat Carrol, Founder and Executive Chiarman of ValidSoft. I can guarantee you won't be disappointed! Here's the link: http://www.darkreading.com/radio.asp?webinar_id=162
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/17/2014 | 10:15:03 AM
Re: Breaches
There's never a perfect solution to any problem. But there's no doubt that we will have a lively discussion about where the retail industry is and where it is going on Wednesday on  Dark Reading radio. You've got a great lineup, Kelly. I'm excited for the discussion.... 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
11/14/2014 | 9:07:27 AM
Re: Breaches
I hear ya, @Bprince. Then I think of how we would worry about my grandpa carrying around wads of cash in his wallet--he didn't believe in credit cards and incurring debt. There's the physical security threat, which you rarely will get reimbursed for. No good answers here except due diligence and awareness, I suppose. Oh--and my never-use-debit rule. 
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/14/2014 | 8:53:41 AM
Breaches
It's almost enough to make me want to carry around cash a lot more.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-8298
PUBLISHED: 2018-09-24
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
CVE-2018-14825
PUBLISHED: 2018-09-24
A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable...
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.