Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

11/13/2014
12:18 PM
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Retail Hacking: What To Expect This Holiday Season

Find out what retailers are doing (and not doing) to keep customers and transactions safe on Dark Reading Radio with guests with Nick Pelletier of Mandiant, and Arthur Tisi, CIO, Natural Markets Food Group.

Call it The Year of the Retail Breach.

It's been one year since Target suffered a massive data breach of 40 million customer credit and debit card numbers in an attack that rocked both the retail industry and consumer world. Target was only the beginning of what ultimately became a string of major hacks against big-name retailers that resulted in the theft of millions of customer payment card accounts. The list included Neiman Marcus, Michael's, Sally Beauty, P.F. Chang's, Dairy Queen, UPS, JimmyJohn's, Staples, and Home Depot, which all came clean this past year with breach disclosures. And it's very likely there are many more retailers that haven't yet disclosed attacks, as well as others that may not yet know.

Now that the holiday season is about to kick off both online and in brick-and-mortar stores, is yet another wave of attacks imminent? Not only is it prime shopping season, but it's also the time of year when retailers institute their annual "freeze" on new technology and some security patching to avoid disruption to their busiest and most lucrative revenue-generating time of the year, a strategy that could leave some stores even more at risk.

[After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner. Read Retailers Facing Intensified Cyberthreat This Holiday Season.]

Join us on Wednesday, November 19 at 1:00 p.m. ET (10:00 a.m. PT), when I will host the next episode of Dark Reading Radio, where we will explore the threats to holiday shoppers and retailers, and what retailers are doing (or not) to keep their systems and customers safe from cybercrime. My guests will be Nick Pelletier, senior consultant with Mandiant, who has conducted forensic investigations for retailers and other high-profile breach targets, and Arthur Tisi, co-founder and CEO at The Praescripto Group LLC, and former CIO for Natural Markets Food Group, who also serves as an advisor to the retail industry.

So register here now to listen to the broadcast next week. Have questions for our guests? Share them in the comments section below, or bring them along to the show. Both Nick and Arthur will join us in a live text chat following the broadcast, where you can ask them your burning questions about the upcoming holiday shopping cyberthreats.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Ninja
11/14/2014 | 8:53:41 AM
Breaches
It's almost enough to make me want to carry around cash a lot more.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
11/14/2014 | 9:07:27 AM
Re: Breaches
I hear ya, @Bprince. Then I think of how we would worry about my grandpa carrying around wads of cash in his wallet--he didn't believe in credit cards and incurring debt. There's the physical security threat, which you rarely will get reimbursed for. No good answers here except due diligence and awareness, I suppose. Oh--and my never-use-debit rule. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/17/2014 | 10:15:03 AM
Re: Breaches
There's never a perfect solution to any problem. But there's no doubt that we will have a lively discussion about where the retail industry is and where it is going on Wednesday on  Dark Reading radio. You've got a great lineup, Kelly. I'm excited for the discussion.... 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
11/21/2014 | 8:26:36 AM
Missed the live DR Radio broadcast on retail hacking this holiday season? You're not too late..
Check out the radio broacast archive and chat transcript (including surpsise guest appearances in the chat room by Sean Mason, VP, Incident Response, Resolution1 Security  & Pat Carrol, Founder and Executive Chiarman of ValidSoft. I can guarantee you won't be disappointed! Here's the link: http://www.darkreading.com/radio.asp?webinar_id=162
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting