SuperValu Food Stores Reports Network Intrusion

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

Kelly Jackson Higgins,
User Rank: Strategist
8/19/2014 | 2:41:07 PM

Re: betting on a breach

@Mike, that would definitely be the ideal scenario, but obviously not realistic to do overnight. There are Internet security efforts under way, of course, as well as secure software development initiatives. But it will always be a battle between good and evil.

That's not to say everyone can't raise the bar more, though. It is frustrating to see the same old, same old, breaches again and again.

Reply | Post Message | Messages List | Start a Board

mschelin917,
User Rank: Apprentice
8/19/2014 | 2:22:16 PM

Re: betting on a breach

Hello, This is my first time commenting. What do we expect. As an avid reader I see every industry being attacked and breached. Target didn't start this as attacks have been going on for years. Folks, my two cents are the following. It's time to start over. The internet, software, everything with Security baked in from the ground up. It's to easy to now and patches won't cut it. I know it's a radical idea but somethings got to change to make it harder for the bad guys. I'm sure there is going to be some of you that will flame me but do you have a better idea?

Mike

Reply | Post Message | Messages List | Start a Board

voltagesecurity,
User Rank: Apprentice
8/18/2014 | 3:12:09 PM

VP Mark Bower's solution to neutralise the risk of malware

As VP Product Management Mark Bower stated, "By now, every retailer is aware of the risks of malware in the POS, the impact, and the simple fact being compliant to PCI doesn't equate to mitigating advanced threats that no doubt again stole the gold in this case. The only way to neutralise the risk of malware in the point of sale (POS) systems is to avoid any sensitive data passing in and through the vulnerable POS or retail IT. Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a duck's back. These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences." – Voltage Security

Reply | Post Message | Messages List | Start a Board

ShermanK906,
User Rank: Apprentice
8/18/2014 | 2:25:48 PM

Re: another day...

My reaction was, "Wow, only a month had gone by before reporting it." Most companies seem to wait several months, if they ever report a breach. But that's a lot of people affected by that breach.

Reply | Post Message | Messages List | Start a Board

Kelly Jackson Higgins,
User Rank: Strategist
8/18/2014 | 9:24:07 AM

Re: another day...

We are continuing to report on this as SuperValu investigates what was exposed or stolen. Stay tuned for more coverage of this latest retail hack.

Reply | Post Message | Messages List | Start a Board

Bprince,
User Rank: Ninja
8/15/2014 | 8:54:45 PM

another day...

another breach. Interesting that a month goes by between the incident and the notification. I wonder when they found out about it and how?

BP

Reply | Post Message | Messages List | Start a Board

progman2000,
User Rank: Apprentice
8/15/2014 | 4:35:53 PM

Re: betting on a breach

Wow, glad I never stepped foot in a SuperValu. I have not interest in having to change all of my auto bill pay accounts again because some crummy hacker somewhere may have gotten my Visa number (thank you Target)...

Reply | Post Message | Messages List | Start a Board

Kelly Jackson Higgins,
User Rank: Strategist
8/15/2014 | 3:29:07 PM

betting on a breach

I would be shocked if there wasn't a breach of debit and credit-card data here. Not clear why they are being so cagey and cautious unless they were at risk of being outed about the intrusion, and wanted to get on top of the story. Either way, it's smart for SuperValu to start offering credit monitoring from the get-go.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat Europe - December 5-8 - Learn More

Black Hat Middle East & Africa - November 15-17 - Learn More

SecTor - Canada's IT Security Conference Oct 1-6 - Learn More

More Informa Tech Live Events

White Papers

Implementing Zero Trust In Your Enterprise: How to Get Started

Incorporating a Prevention Mindset into Threat Detection and Response

Eight Best Practices for a Data-Driven Approach to Cloud Migration

Gartner, Quick Answer: How Can Organizations Use DNS to Improve Their Security Posture?

The Many Risks of Modern Application Development

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Black Hat USA 2022 Attendee Report

Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-38193
PUBLISHED: 2022-08-16

There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution in a victims browser.

CVE-2022-38194
PUBLISHED: 2022-08-16

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.

CVE-2022-38192
PUBLISHED: 2022-08-16

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the userÃ¢â&sbquo;¬â&b...

CVE-2022-38362
PUBLISHED: 2022-08-16

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

CVE-2022-30264
PUBLISHED: 2022-08-16

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol (4000/TCP, 5000/TCP) for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the fl...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]