Daniel Stori’s Turnoff.US: ‘Stranger Things – In The Sysadmin’s World’
via the inimitable Daniel Stori at Turnoff.US!
The post Daniel Stori’s Turnoff.US: ‘Stranger Things – In The Sysadmin’s World’ appeared first on Security Boulevard.
via the inimitable Daniel Stori at Turnoff.US!
The post Daniel Stori’s Turnoff.US: ‘Stranger Things – In The Sysadmin’s World’ appeared first on Security Boulevard.
In this episode, Paul Asadorian, Larry Pesce, and Evan Dornbush delve into the recent Sophos reports on threat actors, particularly focusing on the Pacific Rim case. They discuss the implications of the findings, including the tactics used by attackers, the vulnerabilities in network devices, and the challenges of securing appliances. The conversation also highlights the […]
The post BTS #41 - Pacific Rim appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.
The post BTS #41 – Pacific Rim appeared first on Security Boulevard.
That’s a lot of pain: $125,000 ransom seems small—but why do the scrotes want it paid in baguettes?
The post Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’ appeared first on Security Boulevard.
Building positive relationships, sharing knowledge effectively, and making security "cool" are some of the most worthwhile security pursuits.
The post Security Culture: The Best Tool Money Can’t Buy appeared first on Security Boulevard.
A new report by the former SafeBreach researcher Alon Leviev is raising alarms about the risks posed by downgrade attacks on Microsoft Windows. In a blog post, Leviev, who now works for Microsoft, explained that his latest bypass could allow a malicious actor to load unsigned kernel drivers on a fully patched Windows system. Those could then be used to disable security features, deploy and disguise malicious code and processes, and so on.
The post Downgrade attacks open patched systems to malware appeared first on Security Boulevard.
Interpol, other law enforcement agencies, and cybersecurity firms teamed up for Operation Synergia II, shutting down 22,000 malicious servers that supported ransomware, phishing, and other attacks and arresting 41 people connected to the cybercrime campaigns.
The post Interpol Operation Shuts Down 22,000 Malicious Servers appeared first on Security Boulevard.
Authors/Presenters: Romain Cayre, Damien Cauquil
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – 1 for All, All For WHAD: Wireless Shenanigans Made Easy appeared first on Security Boulevard.
Holiday Shopping Readiness: How is Retail Data Security Holding Up?
madhav
Wed, 11/06/2024 - 05:30
The 2024 holiday season is here. Retailers have been prepping for this season all year and are ready to provide a safe, secure, and seamless customer shopping experience.
According to the National Retail Federation (NFR), retail sales during 2024 will grow between 2.5% and 3.5% from 2023 to between $5.23 trillion and $5.28 trillion. In preparation for fluctuating consumer demand and competitive pressures, retailers must continuously innovate to meet customers’ needs, provide exceptional shopping experiences, and drive customer engagement and retention.
Merchants are well aware that shoppers are becoming more intentional about their holiday spending and cautious about where they shop. Consumers are guarding their privacy more than ever. Any operational downtime or even worse data loss due to a data breach could significantly impact customer loyalty and their highly anticipated holiday season revenues.
During the holiday season, retailers experience a significant surge in transactions, both online and in-store. This flux creates a prime opportunity for cybercriminals to target sensitive customer information. Vendors’ attention is increasingly fragmented across various data-collecting and transactional platforms. As if things were not difficult enough, data collection in more states and countries is becoming stricter, with increased consumer protection laws leaving retailers applying tighter data privacy to their digital platforms.
To stay agile and maximize every sales opportunity, retailers rely on third-party cloud-managed computing environments and third-party SaaS services to enable real-time access to data, facilitate operational monitoring, and improve the efficiency of store management. Cloud technology has significantly transformed the retail industry, addressing various business needs such as reducing infrastructure costs, and managing resources. Cloud services offer security mechanisms to protect against cyber threats, however, data security challenges in the cloud remain relevant and require special attention. Retailers are very familiar with the risks and consequences of data breaches, with attacks occurring as far back as a decade ago and continuing to target retailers to this day.
According to a recent study, the average cost of a retail data breach in 2024 is reported to be $3.48 million, representing an 18% increase compared to the previous year in 2023. The 18% increase from 2023 is likely due to factors such as rising business disruption costs, post-breach response expenses, and regulatory fines.1
The industry is seeing data breaches becoming more common and severe, with attackers adopting approaches that maximize their impact, leading to higher recovery costs. Cybercriminals are using sophisticated tactics, including AI-driven attacks, to exploit weaknesses that necessitate businesses to invest in advanced protection mechanisms and incident response capabilities to counteract these threats.
The human element risk cannot be understated.
In 2023, 74% of all breaches include the human element, meaning people were involved through mistakes, misuse of privileges, use of stolen credentials, or social engineering tactics. 83% of breaches involved external actors, and the primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches. source: 2023 Data Breach Investigations Report Retail Snapshot
Protecting credit card data
Retailers handling credit and debit card transactions must comply with the Payment Card Industry Data Security Standard (PCI DSS). This includes requirements for secure processing, storage, and transmission of cardholder data. Retailers must prioritize the protection of sensitive customer data, including credit card information, across all systems—from physical stores to back-end processing. Achieving PCI compliance is essential. This season, the motivation for enhancing data security and improving compliance is driven by the new requirements of PCI 4.0. Retailers may need to undergo additional audits and assessments to ensure compliance with data protection laws and regulations.
Supply chain attacks
Retailers are part of a complex global supply chain, where breaches at suppliers can also impact their operations. In these attacks, cyber criminals target vulnerable third-party suppliers or partners to gain access to a retailer’s systems. The supply chains can be thrown into chaos, leading to production delays and lost revenue during the peak shopping season. Since retailers often rely on a complex web of suppliers, a breach at one supplier can have a cascading effect across the entire shopping and supply line. If the supplier is temporarily unable to fulfill orders due to a breach, this can halt production and lead to stock shortages, impacting retailers’ ability to meet customer demand. Retailers may be prompted to reevaluate their supplier relationships, increasing scrutiny of their security practices to assess overall supply chain resilience.
Interconnectedness of systems
Interconnectedness makes the retail sector particularly susceptible to large-scale attacks. The increasing interconnectedness of systems due to the digitalized environment has greatly expanded the attack surface. IoT devices and connected systems allow for real-time monitoring and control, but they also introduce vulnerabilities if not properly secured. This blurring of the lines between IT and OT makes it easier for attackers to infiltrate systems and cause widespread disruption. This interconnected risk elevates overall costs as comprehensive security measures involve multiple stakeholders.
Organizations must prioritize understanding their interconnected systems. IT and security teams must regularly update security measures, conduct risk assessments, and adopt a proactive and layered security approach to minimize vulnerabilities. Retailers can better mitigate the potential impacts of data breaches by proactively addressing these risks through strong supplier management, effective communication, and security training.
Ransomware attacks
In today's hostile cybercrime environment, baseline security measures are not enough to guard your business against zero-day ransomware attacks. Retailers must safeguard their critical business assets with a multi-layered security approach that includes active monitoring, advanced data protection, and dependable remediation.
As reported in the 2024 Thales Data Threat Report, ransomware attacks are more common with 28% of survey takers experiencing an attack (up from 22% last year).
As cybercriminals adopt increasingly sophisticated tactics, it is essential to invest in advanced protection measures and incident response capabilities. This will help counteract threats effectively. Following a structured detection and response plan is crucial to mitigate damage and ensure a successful recovery.
Thales Data Security Solutions for RetailGain complete visibility
Thales data security solutions provide unified visibility into all data repositories that are part of the organization’s architecture. This includes legacy repositories deep in the architecture and new ones, in on-premises and cloud-managed environments. Even data repositories that you don’t know exist yet. When you have that level of visibility, you can evaluate vulnerabilities, figure out who should have privileged access to the repositories and why, and then optimize your detection and response process to deal with potential breaches.
Optimize staff and resource efficiency
Thales delivers the broadest support of data security for retail use cases with products designed to work together, a single line to global support, a proven track record protecting from evolving threats, and the largest ecosystem of data security partnerships in the industry. Thales solutions provide ease of use, APIs for automation, and responsive teams to support your staff quickly deploy, secure, and monitor the protection of your business. In addition, our Professional Services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with the least amount of your staff’s time.
Reduce total cost of ownership
The Thales delivers a comprehensive set of data security solutions and capabilities that easily scale and expand into new use cases. With Thales, you can future-proof your investments while reducing operational costs and capital expenditures.
Fine-tuning data security capabilities
Thales enables retailers to improve competitive advantages by accelerating transformation while reducing risk of data breach, complexity, and cost.
1. Improve security and resilience: Automate and streamline data protection and key management across cloud, hybrid, and on-premises systems.
2. Reduce risk, complexity, and cost: Simplify compliance and minimize reputational and operational risk with centralized data security governance.
3. Accelerate digital transformation: Increase customer satisfaction by adopting innovations, such as IoT, cloud, and Big Data, faster with a framework for a zero-trust world
4. Strengthen security and compliance: Thales data security products and solutions address the demands of a range of security and privacy mandates, including the electronic IDentification, Authentication and trust Services (eIDAS) regulation, Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), and more.
5. Protect credit card data: Thales Data Security Platforms – CipherTrust and Data Security Fabric –protect credit card data captured at stores, as well as in data centers and databases in the back-end. Ciphertrust Transparent Encryption with centralized key management for third-party security solutions across cloud, hybrid, and on-premises environments. Data Security Fabric helps retailers monitor access to sensitive data and block unauthorized access.
6. Efficient transaction security: For retail payment processing environments, payment applications and PIN processing is accomplished with payShield payment HSMs.
7. Root-of-trust: Thales Luna Hardware Security Modules provided root-of-trust for encryption keys and PKI-based use cases.
8. Minimize the threat of data breach: De-identifying all sensitive data in all new environments and legacy platforms, including partners and suppliers Centralize access management and multi-factor authentication with single sign-on to all IaaS, PaaS, SaaS, and on-premises platforms
9. Continuously performing data discovery and classification: Locating sensitive personal data is a great way to maintain an enterprise-grade data security strategy and eliminate bad practices inside on-premises, hybrid, and cloud-managed environments.
10. Automate data protection with centralized policy-based enforcement: from a single pane of glass for structured, semi-structured, and unstructured data.
11. Transform your ransomware protection plan: Maintain an active security posture and create the ultimate line of defense for your business-critical data with CipherTrust Transparent Encryption Ransomware Protection.
12. Detect suspicious activity in real-time: Prevent attacks with real-time data activity and I/O monitoring, data-at-rest encryption, fine-grained access control, and trusted application list capabilities. With Data Security Fabric’s data risk analytics capabilities, staff can leverage machine learning/AI-driven advance threat detection to identify suspicious data access and prioritize threats, enabling staff to focus on high-risk incidents.
Shop Securely this Holiday Season
The combination of regulatory pressures, technological advancements, and a challenging threat landscape significantly increases the costs for retailers to prevent data breaches. To manage these expenses, retailers need to take a proactive approach to cybersecurity, focusing on data visibility, threat prevention, and risk management. This holiday season, keep in mind that improving your data security can enhance the post-holiday purchasing experience, leading to better customer retention, repeat business, and brand advocacy.
1 2024 IBM "Cost of a Data Breach Report
Data Security Compliance Access Control Cloud Security Regulation and compliance Lynne Murray | Director of Product Marketing for Data Security
More About This Author >
Schema
{
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "Holiday Shopping Readiness: How is Retail Data Security Holding Up?",
"description": "Explore the data security challenges faced by retailers during the holiday season and learn about essential strategies to protect sensitive customer information, ensure compliance, and manage risks in the retail environment.",
"datePublished": "2024-11-06",
"author": {
"@type": "Person",
"name": "Lynne Murray",
"url": "https://cpl.thalesgroup.com/blog/author/lmurray"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.facebook.com/ThalesCloudSec",
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"mainEntityOfPage": "https://cpl.thalesgroup.com/blog/data-security/retail-data-security-holiday-readiness"
}
The post Holiday Shopping Readiness: How is Retail Data Security Holding Up? appeared first on Security Boulevard.
A Canadian resident, Alexander “Connor” Moucka, was arrested by Canadian law enforcement at the request of the United States for allegedly stealing sensitive data of myriad corporations like AT&T and Santander Bank that were stored in Snowflake's cloud systems and exposed during a breach.
The post Canadian Man Accused of Snowflake Data Breach Arrested appeared first on Security Boulevard.
Overview Assura, Inc. has been made aware of this attack pattern, has taken steps to detect it in our managed services, and is following the attack in the blogs of security researchers who found this campaign. A recent phishing attack campaign has attackers installing a virtual machine (VM) on your Windows system, prebuilt with backdoors… Continue reading Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials
The post Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials appeared first on Assura, Inc..
The post Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials appeared first on Security Boulevard.
From startups to global enterprises, every organization is a potential cyberattack target in today’s interconnected business environment. According to Verizon’s 2024 Data Breach Report, in 2024, vulnerability exploitation experienced 180% growth vs 2023. Finding a comprehensive cybersecurity checklist to address these growing needs can feel like a daunting task. The fallout of a cyber incident...
The post The Ultimate Cybersecurity Checklist for Protecting Your Business appeared first on Hyperproof.
The post The Ultimate Cybersecurity Checklist for Protecting Your Business appeared first on Security Boulevard.
Authors/Presenters: Dennis Giese, braelynn
Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Open Sesame: How Vulnerable Is Your Stuff In Electronic Lockers appeared first on Security Boulevard.
As part of Team Cymru's mission to Save and Improve Human Lives, we were honored to be invited again to support INTERPOL with Operation...
The post Team Cymru Supports INTERPOL’s Operation Synergia II to Dismantle 22,000 Cybercrime Servers appeared first on Security Boulevard.
AI in SaaS is unavoidable. The top half of ServiceNow’s homepage is dedicated to putting AI to work. Salesforce has 17 mentions of AI or Einstein on its homepage. Copilot dominates the homepage banner for Microsoft, while GitHub touts itself as “the world’s leading AI-powered developer platform. Make no mistake; AI is transformative. Its […]
The post CISA Unveils Guidelines to Combat AI-Driven Cyber Threats appeared first on Adaptive Shield.
The post CISA Unveils Guidelines to Combat AI-Driven Cyber Threats appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Demons’ appeared first on Security Boulevard.
Fortinet has added a data loss prevention (DLP) platform to its portfolio that is based on the technology it gained with the acquisition of Next DLP earlier this year.
The post Fortinet Adds Data Loss Prevention Capability Following Acquisition of Next DLP appeared first on Security Boulevard.
As the 2024 U.S. presidential election takes place, cybersecurity analysts are on high alert, warning of voter database leaks. They are warning of an increasingly complex landscape that could jeopardize voter data security and election integrity due to voter database leaks. The face-off between Kamala Harris and Donald Trump has intensified the focus on ensuring …
The post Potential Cybersecurity Threats to the 2024 U.S. Election: Voter Database Leaks appeared first on Security Boulevard.
In today’s digital landscape, protecting your identity from real-time threats is more critical than ever. As a cybersecurity expert, I’ve seen an evolving spectrum of threats that go far beyond traditional identity theft. From classic dark web doxing to the advent of fullz—full identity kits sold for a few dollars—threat actors are leveraging these methods …
The post The Future of Identity Protection: Real-Time Threats and Scams appeared first on Security Boulevard.
Google researchers behind the vendor's Big Sleep project used the LLM-based AI agent to detect a security flaw in SQLite, illustrating the value the emerging technology can have in discovering vulnerabilities that techniques like fuzzing can't.
The post Google Uses Its Big Sleep AI Agent to Find SQLite Security Flaw appeared first on Security Boulevard.
Private PKI (Public Key Infrastructure) is critical for trusted authentication and secure communication among internal applications, devices, workloads, machines, and services. While most organizations understand its importance, managing it effectively is still a struggle for many. Traditionally, organizations manage private PKI on-premises for greater control, security, and customization. However, as new use cases emerge and […]
The post Why PKIaaS is a Smarter and Secure Alternative to On-Premises PKI appeared first on Security Boulevard.