SuperValu Food Stores Reports Network Intrusion

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

Kelly Jackson Higgins,
User Rank: Strategist
8/19/2014 | 2:41:07 PM

Re: betting on a breach

@Mike, that would definitely be the ideal scenario, but obviously not realistic to do overnight. There are Internet security efforts under way, of course, as well as secure software development initiatives. But it will always be a battle between good and evil.

That's not to say everyone can't raise the bar more, though. It is frustrating to see the same old, same old, breaches again and again.

Reply | Post Message | Messages List | Start a Board

mschelin917,
User Rank: Apprentice
8/19/2014 | 2:22:16 PM

Re: betting on a breach

Hello, This is my first time commenting. What do we expect. As an avid reader I see every industry being attacked and breached. Target didn't start this as attacks have been going on for years. Folks, my two cents are the following. It's time to start over. The internet, software, everything with Security baked in from the ground up. It's to easy to now and patches won't cut it. I know it's a radical idea but somethings got to change to make it harder for the bad guys. I'm sure there is going to be some of you that will flame me but do you have a better idea?

Mike

Reply | Post Message | Messages List | Start a Board

voltagesecurity,
User Rank: Apprentice
8/18/2014 | 3:12:09 PM

VP Mark Bower's solution to neutralise the risk of malware

As VP Product Management Mark Bower stated, "By now, every retailer is aware of the risks of malware in the POS, the impact, and the simple fact being compliant to PCI doesn't equate to mitigating advanced threats that no doubt again stole the gold in this case. The only way to neutralise the risk of malware in the point of sale (POS) systems is to avoid any sensitive data passing in and through the vulnerable POS or retail IT. Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a duck's back. These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences." – Voltage Security

Reply | Post Message | Messages List | Start a Board

ShermanK906,
User Rank: Apprentice
8/18/2014 | 2:25:48 PM

Re: another day...

My reaction was, "Wow, only a month had gone by before reporting it." Most companies seem to wait several months, if they ever report a breach. But that's a lot of people affected by that breach.

Reply | Post Message | Messages List | Start a Board

Kelly Jackson Higgins,
User Rank: Strategist
8/18/2014 | 9:24:07 AM

Re: another day...

We are continuing to report on this as SuperValu investigates what was exposed or stolen. Stay tuned for more coverage of this latest retail hack.

Reply | Post Message | Messages List | Start a Board

Bprince,
User Rank: Ninja
8/15/2014 | 8:54:45 PM

another day...

another breach. Interesting that a month goes by between the incident and the notification. I wonder when they found out about it and how?

BP

Reply | Post Message | Messages List | Start a Board

progman2000,
User Rank: Apprentice
8/15/2014 | 4:35:53 PM

Re: betting on a breach

Wow, glad I never stepped foot in a SuperValu. I have not interest in having to change all of my auto bill pay accounts again because some crummy hacker somewhere may have gotten my Visa number (thank you Target)...

Reply | Post Message | Messages List | Start a Board

Kelly Jackson Higgins,
User Rank: Strategist
8/15/2014 | 3:29:07 PM

betting on a breach

I would be shocked if there wasn't a breach of debit and credit-card data here. Not clear why they are being so cagey and cautious unless they were at risk of being outed about the intrusion, and wanted to get on top of the story. Either way, it's smart for SuperValu to start offering credit monitoring from the get-go.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Emerging Cybersecurity Technologies - A Dark Reading Mar 23 Event

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

How Machine Learning, AI & Deep Learning Improve Cybersecurity

State of Email Security

Ransomware Resilience and Response: The Next-Generation

State of Ransomware Readiness: Facing the Reality Gap

How Hybrid Work Fuels Ransomware Attacks

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-0534
PUBLISHED: 2023-01-27

A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack r...

CVE-2023-0529
PUBLISHED: 2023-01-27

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely....

CVE-2023-0530
PUBLISHED: 2023-01-27

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely...

CVE-2023-0531
PUBLISHED: 2023-01-27

A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotel...

CVE-2023-0532
PUBLISHED: 2023-01-27

A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launche...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]