SuperValu Food Stores Reports Network Intrusion

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

Kelly Jackson Higgins,
User Rank: Strategist
8/19/2014 | 2:41:07 PM

Re: betting on a breach

@Mike, that would definitely be the ideal scenario, but obviously not realistic to do overnight. There are Internet security efforts under way, of course, as well as secure software development initiatives. But it will always be a battle between good and evil.

That's not to say everyone can't raise the bar more, though. It is frustrating to see the same old, same old, breaches again and again.

mschelin917,
User Rank: Apprentice
8/19/2014 | 2:22:16 PM

Re: betting on a breach

Hello, This is my first time commenting. What do we expect. As an avid reader I see every industry being attacked and breached. Target didn't start this as attacks have been going on for years. Folks, my two cents are the following. It's time to start over. The internet, software, everything with Security baked in from the ground up. It's to easy to now and patches won't cut it. I know it's a radical idea but somethings got to change to make it harder for the bad guys. I'm sure there is going to be some of you that will flame me but do you have a better idea?

Mike

voltagesecurity,
User Rank: Apprentice
8/18/2014 | 3:12:09 PM

VP Mark Bower's solution to neutralise the risk of malware

As VP Product Management Mark Bower stated, "By now, every retailer is aware of the risks of malware in the POS, the impact, and the simple fact being compliant to PCI doesn't equate to mitigating advanced threats that no doubt again stole the gold in this case. The only way to neutralise the risk of malware in the point of sale (POS) systems is to avoid any sensitive data passing in and through the vulnerable POS or retail IT. Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a duck's back. These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences." – Voltage Security

ShermanK906,
User Rank: Apprentice
8/18/2014 | 2:25:48 PM

Re: another day...

My reaction was, "Wow, only a month had gone by before reporting it." Most companies seem to wait several months, if they ever report a breach. But that's a lot of people affected by that breach.

Kelly Jackson Higgins,
User Rank: Strategist
8/18/2014 | 9:24:07 AM

Re: another day...

We are continuing to report on this as SuperValu investigates what was exposed or stolen. Stay tuned for more coverage of this latest retail hack.

Bprince,
User Rank: Ninja
8/15/2014 | 8:54:45 PM

another day...

another breach. Interesting that a month goes by between the incident and the notification. I wonder when they found out about it and how?

BP

progman2000,
User Rank: Apprentice
8/15/2014 | 4:35:53 PM

Re: betting on a breach

Wow, glad I never stepped foot in a SuperValu. I have not interest in having to change all of my auto bill pay accounts again because some crummy hacker somewhere may have gotten my Visa number (thank you Target)...

Kelly Jackson Higgins,
User Rank: Strategist
8/15/2014 | 3:29:07 PM

betting on a breach

I would be shocked if there wasn't a breach of debit and credit-card data here. Not clear why they are being so cagey and cautious unless they were at risk of being outed about the intrusion, and wanted to get on top of the story. Either way, it's smart for SuperValu to start offering credit monitoring from the get-go.

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

SecTor - Canada's IT Security Conference Oct 23-26 - Learn More

Anatomy of a Data Breach - A Dark Reading June 22 Event

Black Hat USA - August 5-10 - Learn More

More Informa Tech Live Events

White Papers

Invicti AppSec Indicator: Tuning Out the AppSec Noise is All About DAST

Proof-Based Scanning: No noise, just facts

AppSec Best Practices: Where Speed, Security, and Innovation Meet in the Middle

A Buyer's Guide to Securing Privileged Access

2023 Global Future of Cyber Report

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Everything You Need to Know About DNS Attacks

It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-33196
PUBLISHED: 2023-05-26

Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.

CVE-2023-33185
PUBLISHED: 2023-05-26

Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...

CVE-2023-33187
PUBLISHED: 2023-05-26

Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...

CVE-2023-33194
PUBLISHED: 2023-05-26

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didnâ€™t fix it when clicking save. This issue was...

CVE-2023-2879
PUBLISHED: 2023-05-26

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]