SuperValu Food Stores Reports Network Intrusion

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

Kelly Jackson Higgins,
User Rank: Strategist
8/19/2014 | 2:41:07 PM

Re: betting on a breach

@Mike, that would definitely be the ideal scenario, but obviously not realistic to do overnight. There are Internet security efforts under way, of course, as well as secure software development initiatives. But it will always be a battle between good and evil.

That's not to say everyone can't raise the bar more, though. It is frustrating to see the same old, same old, breaches again and again.

mschelin917,
User Rank: Apprentice
8/19/2014 | 2:22:16 PM

Re: betting on a breach

Hello, This is my first time commenting. What do we expect. As an avid reader I see every industry being attacked and breached. Target didn't start this as attacks have been going on for years. Folks, my two cents are the following. It's time to start over. The internet, software, everything with Security baked in from the ground up. It's to easy to now and patches won't cut it. I know it's a radical idea but somethings got to change to make it harder for the bad guys. I'm sure there is going to be some of you that will flame me but do you have a better idea?

Mike

voltagesecurity,
User Rank: Apprentice
8/18/2014 | 3:12:09 PM

VP Mark Bower's solution to neutralise the risk of malware

As VP Product Management Mark Bower stated, "By now, every retailer is aware of the risks of malware in the POS, the impact, and the simple fact being compliant to PCI doesn't equate to mitigating advanced threats that no doubt again stole the gold in this case. The only way to neutralise the risk of malware in the point of sale (POS) systems is to avoid any sensitive data passing in and through the vulnerable POS or retail IT. Hundreds of thousands of merchants already do this today with proven approaches using the latest innovations in data-centric security and are able to brush off such attacks like water off a duck's back. These risks are totally avoidable – and at a fraction of the cost of the fallout from dealing with the consequences." – Voltage Security

ShermanK906,
User Rank: Apprentice
8/18/2014 | 2:25:48 PM

Re: another day...

My reaction was, "Wow, only a month had gone by before reporting it." Most companies seem to wait several months, if they ever report a breach. But that's a lot of people affected by that breach.

Kelly Jackson Higgins,
User Rank: Strategist
8/18/2014 | 9:24:07 AM

Re: another day...

We are continuing to report on this as SuperValu investigates what was exposed or stolen. Stay tuned for more coverage of this latest retail hack.

Bprince,
User Rank: Ninja
8/15/2014 | 8:54:45 PM

another day...

another breach. Interesting that a month goes by between the incident and the notification. I wonder when they found out about it and how?

BP

progman2000,
User Rank: Apprentice
8/15/2014 | 4:35:53 PM

Re: betting on a breach

Wow, glad I never stepped foot in a SuperValu. I have not interest in having to change all of my auto bill pay accounts again because some crummy hacker somewhere may have gotten my Visa number (thank you Target)...

Kelly Jackson Higgins,
User Rank: Strategist
8/15/2014 | 3:29:07 PM

betting on a breach

I would be shocked if there wasn't a breach of debit and credit-card data here. Not clear why they are being so cagey and cautious unless they were at risk of being outed about the intrusion, and wanted to get on top of the story. Either way, it's smart for SuperValu to start offering credit monitoring from the get-go.

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

The Relationship Between Security Maturity and Business Enablement

Causes and Consequences of IT and OT Convergence

IT/OT Convergence Enables Security Operations Synergies

Cloud Journey Migration Stage: Adaptive Cloud Security

Cloud Incident Response Datasheet

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-1142
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

CVE-2023-1143
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-1144
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.

CVE-2023-1145
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

CVE-2023-1655
PUBLISHED: 2023-03-27

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]