Senior LP & AP Jobs Market

Director of Asset Protection & Safety job posted for Duluth Trading Company in Mount Horeb, WI
The Director of Asset Protection and Safety is responsible for developing strategies, supporting initiatives, and creating a vibrant culture relating to all aspects of asset protection and safety throughout the organization. As the expert strategist and leader of asset protection and safety, this role applies broad knowledge and seasoned experience to address risks.  recruiting.ultipro.com

Associate Dir. of Physical Security & AP job posted for Savers (Remote role)
The Associate Director of Physical Security & Asset Protection's primary responsibility is to support organizational growth through collaboration and management of the company's physical security platforms and programs. Reporting to the Sr. Director of Risk and working collaboratively with company stakeholders/applicable vendors will support and achieve the successful completion of diverse physical security initiatives and other projects that instill a safe working environment across the organization. indeed.com
 

Millions of Customers Exposed in Retail Cyberattack
10M JD Sports Customers' Info Exposed in Data Breach

UK sportswear retailer asks exposed customers to stay "vigilant" against phishing attempts following cyberattack.

UK sportswear retailer JD Sports is warning some 10 million of its customers that their personal data - including name, billing address, delivery address, email address, phone number, order details, and last four payment card digits - might have been exposed in a recent cyberattack.

Affected customers placed online orders with JD Sports between November 2018 and October 2020 for items branded JD Sports, Size?, Millets, Blacks, Scotts, and MilletSport, the company said in a statement.

JD Sports said while it cannot definitively say whether the data was accessed, the system holding the data was, so as a precaution, JD Sports is notifying and advising impacted customers to remain on the lookout for social engineering scams.

JD Sports does not store full payment card details, the retailer said, and there is no evidence that account passwords were compromised.

Stolen Data Could Fuel Follow-on Cyberattacks

While disclosure is the right thing to do for the retailer, notes Lior Yaari, CEO of Grip Security, letting the public as well as potential threat actors know about the breach without first resetting account credentials might in itself attract the wrong kind of attention.

"Retailers should approach a breach of customer data similar to an internal breach of employees - requiring every customer to reset their account credentials," Yaari said in a statement provided to Dark Reading. "The official announcement from JD Sports and the news coverage sets the stage for the hackers to start sending out password reset phishing emails to the 10 million customers to harvest their credentials."

Yaari predicts additional attacks will be fueled by this breach. darkreading.com


Even The Dark Web is Facing a Hiring War
Cybercrime groups offer six-figure salaries, bonuses, paid time off to attract talent on dark web

Despite the obvious risks, tech jobs with hacking groups can be alluring for those who need the money or want to do the work.

Cybercrime is a booming business. So, like any other thriving market, the masterminds behind ransomware syndicates or online scam operations need workers, too. And they aren't just looking for other criminal hackers. Developers, administrators and designers are in high demand.

And just as the cybersecurity market is competing for the best talent, cybercriminals are also offering high salaries and perks to attract the best. Some ads boasted annual salaries as high as $1.2 million for the skilled hackers.

According to new analysis from the cybersecurity firm Kaspersky, it appears that developers are the most sought after within the cybercrime ecosystem. The company's researchers reviewed roughly 200,000 employment-related messages posted on 155 dark web forums between January 2020 and June 2022. The number of posts peaked in March 2022, possibly because of COVID-19-related lockdowns and income reductions in multiple countries. Nevertheless, job posts - both seeking employment and listing jobs - have exceeded 10,000 per quarter, the analysis found.

Other in-demand positions included attack specialists, reverse engineers, testers, analysts, administrators and designers. Even the most sophisticated hacking crews still need help, the researchers said.

Not all job listings are for roles performing illegal work - in fact, one "well-known Russian bank" sought to hire developers while others sought candidates to develop legal IT learning courses - but even the criminal work had the mundane sort of feel of typical employment ads. Test assignments were common, the researchers said, and included steps such as encrypting files, evading anti-virus detection and being generally professional and available online.

The analysis found that some people seeking jobs seemed to simply need the money, but for others the reasons may be harder to pin down. Either way, people seeking out this kind of work may not fully understand who they're getting involved with.  cyberscoop.com

   RELATED: Cybercrime Ecosystem Spawns Lucrative Underground Gig Economy


The Growing Insider Threat
Insider attacks becoming more frequent, more difficult to detect
Insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk, according to Gurucul.

The report found that organizations have never felt more vulnerable with three-quarters of respondents saying they feel moderately to extremely vulnerable to insider threats - an increase of 8% over the previous year.

This rise in perceived vulnerability coincides with a significant increase in insider attacks as 74% of organizations report that attacks have become more frequent (a 6% increase over last year), with 60% experiencing at least one attack and 25% experiencing more than six attacks.

Organizations are also struggling with insider threats in the cloud and often don't have the necessary technical capabilities in place to detect and prevent them.

87% of organizations consider unified visibility and control across all apps, devices, web destinations, on-premises resources, and infrastructure to be moderately to extremely important.

However, 48% monitor for unusual behavior across their cloud footprint and the web. Furthermore, over half of respondents said that detecting insider threats is harder in the cloud and that uptime and performance of tools like SASE and CASB is vital to success. helpnetsecurity.com


Balancing Cybersecurity Spending & Economic Changes
How organizations can keep themselves secure whilst cutting IT spending
It is the immediate natural reaction of most organizations to cut costs during an economic downturn. But the economy will return and cutting back too far can be damaging in the long term.

Complex situations such as a global recession often make criminals more motivated. Adversaries are banking on the fact that organizations are busy trying to ride this curve and might lose sight of their security protocols.

Most organizations find it impossible to balance the threats as well as the economic changes, and threat actors are counting on organizations to reduce costs that might impact their security posture, as well as having a complex environment that is in desperate need of a clean-up.

We are in a unique time of change in IT as organizations navigate the ongoing digital transformation, a continued migration to the cloud and the movement towards zero trust. helpnetsecurity.com


ChatGPT is a bigger threat to cybersecurity than most realize

Russia's Sandworm hackers blamed in fresh Ukraine malware attack

Falls Church, VA: Smash-and-grab thieves steal $100K worth of jewelry
Detectives from the Falls Church Police Department are searching for three suspects who they say stole $100,000 worth of jewelry from a store in the Eden Center shopping mall. Police said the three suspects entered Princess Diamonds around noon on Friday. One of the bandits pointed a gun at an employee, while another used a hammer to shatter display cases to access the jewelry. Authorities believe the robbers, who each wore ski masks that covered most of their faces, fled in a black Mercedes-Benz. Two of them were last seen wearing black winter coats, and one of the suspects wore a gray winter coat with red and blue stripes across the chest.   fox5dc.com


Bakersfield, CA: CHP conduct 'Blitz' retail operation, recover over $8k at TJ Maxx, Marshalls
California Highway Patrol conducted a retail "Blitz" operation at two Ming Avenue retail locations over the weekend, recovering $8,403.99 worth of items. From Saturday, Jan. 28-Jan. 29, detectives and investigators with CHP's Organized Retail Crime Taskforce conducted the operation at TJ Maxx and Marshalls, located on Ming Avenue. A total of 285 items were recovered. Officers arrested 33 suspects for their crimes related to the operation. CHP, loss prevention professionals and security collaborated to conduct the investigation. CHP said a number of the suspects also had unrelated outstanding felony and misdemeanor warrants for various charges, including assault, failing to appear and failing to check in with their parole/probation officer.  bakersfieldnow.com


Houston, TX: Eyewear Store Owner takes on Thieves that stole Thousands over last 6 Weeks
A robbery in progress was stopped when a store owner took matters into his own hands in the Heights, and it was all caught on surveillance video. Nate Gorman and his wife are small business owners at Pearle Vision in the 3000 block of Yale street near IH-610. Gorman told ABC13 that their shop had been a target once or twice a week for six weeks. They want the men responsible to be held accountable. On Thursday, Dec. 29, 2022 at about 5:20 p.m., two suspects were seen on surveillance video entering the store. Gorman said one of the suspects, shown in the white cap, was familiar with the store workers. "I told them I was sick of them robbing us, and they needed to go," Gorman said. Gorman reportedly told police the man with the white cap had been stealing from their business for several weeks, costing them several thousands of dollars in losses. "I was kind of sick of it. So I helped escort him to the front door. He grabbed a bunch of Gucci's, and you see on the video the altercation happened," Gorman said. He said the suspect in the black beanie didn't get away with those glasses, but he punched Gorman in the face while being pushed out of the store. abc13.com


Louisville, KY: 2 adults, 3 juveniles accused of stealing $4K+ in LEGO from Target
St. Matthews Police arrested multiple people on Sunday night after being accused of stealing more than $4,000 in LEGO sets from the Target on Westport Road. Two adults, 35-year-old Sierra Alexander, also known as Sierra D. Davidson, and 19-year-old Je'Vaeh I. Kenslow were charged with shoplifting and unlawful transaction with a minor in connection to the incident on Sunday night. Three other juveniles were also listed as accomplices in the theft, police said. According to an arrest report, officers were called to the Target store on Westport Road by a loss prevention team who saw the listed subjects shoplifting. Police were told the subjects had baskets full of LEGO sets, went past cashiers and left the store without paying. The LEGO sets were then loaded into a vehicle and the individuals attempted to leave the store. Loss prevention staff at Target told police the subjects had taken 23 LEGO sets worth around $4,853.45. Officers arrived and found Alexander as the driver of the listed vehicle, which was boxed in on the side of the store.  kwtx.com


Simi Valley, CA: 3 Arrested in $3,000 CVS theft at multiple locations
For the second day in a row, an organized retail theft crew was apprehended in connection with thefts from local drugstores in the city, police said. Simi Valley police said they arrested three individuals on suspicion of conspiracy to commit a crime, organized retail theft and grand theft on Sunday. The previous day on Saturday, police arrested two Los Angeles women on suspicion of the same offenses. The latest arrests followed a report from an employee at a CVS store at 591 Country Club Drive, who said three individuals took more than $1,000 worth of cosmetics Sunday afternoon. The employee provided a description of their vehicle and a license plate number, police said. Aware that organized retail theft crews often steal from multiple locations, an officer checked other CVS stores and located the vehicle at the CVS at 2825 Cochran St. Officers apprehended the three individuals and located more than $3,000 in merchandise, officers said. vcstar.com


Saginaw Township, MI: Pickup truck backs into Saginaw Township store to break in
Police say a pickup truck crashed through the front doors of a clothing store in Saginaw Township to break in last week. The Saginaw Township Police Department says a thief used a Chevrolet Silverado to back through and shatter the front doors of DXL at 4434 Bay Road around 5:30 a.m. Thursday. Once they got access inside, investigators say the suspect began stealing clothing off the racks. Surveillance video from inside the store shows the suspect going inside three times and removing $2,700 worth of clothes.  abc12.com


Chicago, IL: Smash-and-grab robbers hit Canada Goose on Mag Mile; 3 suspects sought

Gainesville, FL: Man who allegedly took $1,137 in items from Walmart arrested after foot chase

Berks County, PA: Man arrested for false returns at Lowe's and Home Depot, outstanding warrants and long history of priors