Taking a Neighborhood Watch Approach to Retail Cybersecurity

Threatpost

Bugcrowd CTO Casey Ellis covers new cybersecurity challenges for online retailers.

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Threatpost

The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.

Breach at Cloud Solution Provider PCM Inc.

Krebs on Security

A digital intrusion at PCM Inc., ...based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. Those sources say the attackers stole administrative credentials that PCM uses to manage client accounts within Office 365, a cloud-based file and email sharing service run by Microsoft Corp.

Retail has a multi-cloud problem…with sensitive data

Thales Cloud Protection & Licensing

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them. Tools that reduce multi-cloud data security complexity are critical.

Managing HR in The Retail Sector in the COVID-19 World

InfoGoTo

A good example of implementing these changes can be found with HR in the retail sector. Traditional retailers, those with physical storefronts, had struggled before COVID-19. Then the pandemic hit and most retailers were declared non-essential and shut down.

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of the Them

Thales Cloud Protection & Licensing

Retailers and shoppers are leveraging and enjoying many benefits data sharing brings: loyalty programs, personalized experiences, easier product location and ordering, online shopping, mobile access and the list goes on. Competition is one of many challenges retailers face and while that’s nothing new, the data-driven approach online and brick-and-mortar merchants use today is evolving quickly with transformative technology capabilities.

4 Crucial Tips for Maintaining a Web Application Firewall for Retail

Daymark

Retailers are under intense competition to deliver personal, seamless and differentiated on-line shopping experiences to ensure customer loyalty and drive growth. And while a retailer’s website must be extremely responsive and meet high user expectations, it must also be highly secure. Here are 4 crucial tips for retailers who have implemented a WAF.

Are Data Breaches the New Reality for Retail?

Thales Cloud Protection & Licensing

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. While retailers digitally transform their businesses to better serve the higher demands of their customers, they’re being challenged with safeguarding personal data to protect customers, partners and suppliers’ critical information.

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. To make a long story short – the top reason that they didn’t invest in data security was “lack of perceived need” at 52%. But none of these reasons rose to the top in retail.

Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

Threatpost

Oracle will detail 405 new security vulnerabilities Tuesday, part of its quarterly Critical Patch Update Advisory.

Reltio Cloud – A Data Platform Perfect For Google Anthos

Reltio

Many enterprises are moving from dependence on a single public cloud provider to a multi-cloud architecture. Also a multi-cloud strategy makes more sense for newer data-led enterprises that are permeating every industry sector. Increasingly complex requirements of businesses may need a multi-cloud solution that makes it simpler to aggregate, organize, analyze, and share data across the enterprise. Anastasia Zamyshlyaeva, Reltio.

The race for corporate banks to catch up with their retail peers

CGI

Corporate and transaction banks (CTBs) face the challenge of delivering services equivalent to those offered by their retail bank peers. Over the last few years, there has been a big drive to digitize the retail bank; and, of course, across Europe, all banks have had to make their data available to third parties that offer bank consumer services in response to PSD2 and open banking.

The Future of Payments Security

Thales Cloud Protection & Licensing

The Verizon DBIR 2020 report indicates that financially motivated attacks against retailers have moved away from Point of Sale (POS) devices and controllers, towards web applications. Figure 1: Web application breaches in the Retail industry.

Key Developments in IoT Security

Thales Cloud Protection & Licensing

The rush to market for consumers to enjoy the modern conveniences offered by these devices shocked the security community. Security experts were concerned that these devices were built with no security in mind.

Claire's: Magecart E-Commerce Hackers Stole Card Data

Data Breach Today

Magecart Gangs Targeting Larger Organizations During Lockdown, Researcher Warns. Jewelry retailer Claire's says Magecart attackers hit its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details.

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

According to a pair of recent reports from cloud security vendor Zscaler, cybercriminals picked up on this, with the result being a significant surge in malware attacks against these devices. IoT device security has also been the target of a broad federal effort in recent months.

Security in 2020: Revisited

Schneier on Security

Ten years ago, I wrote an essay: "Security in 2020." Here's what I said back then: There's really no such thing as security in the abstract. Security can only be defined in relation to something else. You're secure from something or against something.

Security Affairs newsletter Round 291

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived!

Claire’s Customers Targeted with Magecart Payment-Card Skimmer

Threatpost

The Magecart group targeted the tween accessories specialist starting the day after it shuttered its retail locations due to coronavirus.

SHARED INTEL: IT pros gravitate to ‘passwordless’ authentication to improve security, boost agility

The Last Watchdog

That’s the upshot of a new report, The State of Passwordless Security 2021, put out by HYPR, a New York City-based supplier of advanced authentication systems. HYPR polled 427 IT professionals and found a high level of awareness about passwordless authenticators — and not just for enhanced security. Threat actors now routinely bypass these second-layer security gates. Benefits beyond security. Passwordless authentication as a default parameter can’t arrive too soon.

Ephesoft Leads the Document Capture Industry to the Cloud with the First High-Performance Processing Hybrid Solution

Document Imaging Report

an industry leader in enterprise content capture and data discovery solutions, today announced the launch of its Ephesoft Cloud HyperExtender, the industry’s first hybrid solution that easily transitions the most resource-intensive processes into the cloud for peak performance, scalability and minimized upfront investment. Now, we can create a base system and offload much of the heavy lifting to the cloud to still meet the required SLA.”

Seven Risks in the Beneficent Cloud

Positively RIM

User beware: amid the security and budgetary advantages of the Cloud, risks lurk, ready to sabotage the unprepared or unsuspecting. Records Management in the Cloud cries for Information Governance (IG). Theoretically, you can manage information in the Cloud with the same care and quality of locally stored records. Here’s the plus side: Cloud providers generally secure information better than local IT departments can.

Artificial intelligence in cyber security

IT Governance

Cyber security has become a major priority for every organisation. Such machine learning has been adopted in industries such as motoring, healthcare and retail. It will no doubt progress to many more, so what might this mean for cyber security? Security professionals are expected to spend more on tools that use AI and machine learning, which would help with the extra workload caused by the increasing risk of an attack, and improve defences.

Safely adopting technology in the hospitality industry

IT Governance

Management teams and front-of-house staff alike need to be familiar with the tools and their functions, as well as the associated information security landscape. Most technology providers now offer Cloud-based solutions that allow for easy integration with other providers. With so much personal data collected and used to inform business decisions, it’s vital that your team has the necessary understanding of cyber and information security.

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

What’s driving the security of IoT? The Urgency for Security in a Connected World. Imagine a world where the retail value of your car actually grows over time – that’s now becoming a reality. Device Security is Hard. Security isn’t static. Securing the IoT Stack.

Adapting to the new normal: Remote work and the IBM Z

Rocket Software

The connection will be a secure encrypted connection back to the hosting server. Securing the IBM Z. Within your work environment, you might have a private network and secure access to your buildings, so you feel comfortable with who is accessing your mainframe IT systems.

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

And innovation is percolating among newer entrants, like PerimeterX, Shape Security and Signal Sciences. This week a new entrant in this field, Cequence Security, formally launched what it describes as a “game-changing” application security platform. Bad actors are standing up these virtual bots by the million, cheaply and stealthily, via Amazon Web Services, Microsoft Azure and Google Cloud. Shifting security challenge.

MY TAKE: Can ‘Network Traffic Analysis’ cure the security ills of digital transformation?

The Last Watchdog

If digital transformation, or DX, is to reach its full potential, there must be a security breakthrough that goes beyond legacy defenses to address the myriad new ways threat actors can insinuate themselves into complex digital systems. NTA refers to using advanced data mining and security analytics techniques to detect and investigate malicious activity in traffic moving between each device and on every critical system in a company network.

CCTV and the GDPR – an overview for small businesses

IT Governance

If your business uses CCTV – whether for security or employee monitoring purposes – and you’re unsure about your obligations under the new law and how they differ from those of the DPA (Data Protection Act) 1998, this blog outlines some of the areas you need to consider. Processed securely. The international standard for information security management, ISO 27001, is an excellent starting point for implementing the technical and organisational measures necessary under the GDPR.

Securing Your Business with an AI-Driven Network

Adapture

As we continue to work through these challenging times, businesses need to rely on secure cloud services to support the health and safety of individuals using or visiting customers’ facilities.

Does artificial intelligence mean artificial security?

Thales Cloud Protection & Licensing

The price you pay for this breakfast increases radically with poor security. You may be a retailer predicting the mood of a potential buyer using deep learning for sentiment analysis, or maybe you run an aircraft lease company consuming diagnostics to make critical decisions about engine component failures. It is critical that you plan for data security that upholds your security posture in all geographies. How will you secure AI data in the cloud?

Security Affairs newsletter Round 181 – News of the week

Security Affairs

The best news of the week with Security Affairs. Feedify cloud service architecture compromised by MageCart crime gang. Flaw in Western Digital My Cloud exposes the content to hackers. Magecart cybercrime group stole customers credit cards from Newegg electronics retailer.

The John Lewis Partnership creates new cloud-based business archive with Preservica

Preservica

Preservica’s cloud-hosted active digital preservation platform will future-proof tens of thousands of unique heritage, brand, product design and corporate assets. Oxford, UK and Boston, MA: April 11 2018: The John Lewis Partnership, one of the UK’s leading retail businesses, has selected digital preservation specialist Preservica to build a secure cloud-based business archive.

Is Your Customer Experience Future-Ready?

Reltio

How do you ensure security and privacy while personalizing the customer experience? Do you have fail-safe processes to guarantee security of customer data? White Paper: The Golden Path to B2C Customer 360 – What We Learned from World’s Largest Retail & Consumer Brands. Ankur Gupta, Sr. Product Marketing Manager, Reltio. Are your customers demanding and want only the best? I guess the question is redundant.

What’s your Data Confidence Number?

Reltio

Reltio’s latest release offers a breakthrough data confidence capability to cross this chasm of trust for enterprises that use Reltio Cloud for their analytics and operations. Reltio Data Quality Confidence Indicators are continuously calculated for all profiles in Reltio Cloud and presented to the user as actionable metrics. Data organized in Reltio Cloud is now the only data available to business users with a confidence indicator.

REvil gang exploited a zero-day in the Kaseya supply chain attack

Security Affairs

A new supply chain attack made the headlines, on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers.

The Sainsbury Archive chooses Preservica to create new cloud-based digital archive

Preservica

Preservica’s active digital preservation platform selected to future-proof unique digital assets that document nearly 150 years of corporate, brand and retail history. Oxford, London UK and Boston MA, March 14 2018: The Sainsbury Archive, which charts the growth and history of one of the UK’s largest supermarkets, has chosen Preservica’s AWS cloud-hosted digital preservation platform to actively preserve invaluable digital assets relating to the company’s operations.

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

I had the chance to learn more about ABE from Brent Waters, a distinguished scientist in the Cryptography & Information Security (CIS) Lab at NTT Research. That said, it may not be well-suited, in its current form, to achieve the level of security needed in an environment where companies rely on multi-cloud and hybrid cloud networks and wide-open software development. In this frenetic environment, PKI is holding together an acceptable level of security.

Reltio Advances in Gartner Magic Quadrant for MDM Solutions

Reltio

Reltio Connected Data Platform is the only cloud-native, multi-tenant, multi-domain MDM software as a service (SaaS) platform on the market. Gartner points to Reltio’s “market momentum,” “real-time B2B and B2C,” and a “mature cloud offering” as Strengths. Cloud Matters.

Modern, Open, and Smart Data Management for Db2 Leaders

Rocket Software

Hybrid Cloud. It’s the only infrastructure that can offer low latency, high performance, and reduced complexity and resiliency, all within a security-rich environment. What issues come about from hybrid cloud architecture?