DOJ Corporate Crackdown Begins - Read DOJ's Version of Events
Great detailed report on how the security team went way-way over the line

DOJ: Two Former eBay Executives Sentenced to Prison for Cyberstalking
BOSTON - The former Senior Director of Safety & Security at eBay, Inc. and the company's former Director of Global Resiliency were sentenced to prison today for their roles in a cyberstalking campaign targeting the editor and publisher of a newsletter that eBay executives viewed as critical of the company.

James Baugh, 47, of San Jose, Calif., was sentenced to 57 months in prison and two years of supervised release. Baugh was also ordered to pay a fine of $40,000. David Harville, 50, of Las Vegas, Nev., was sentenced to two years in prison and two years of supervised release. Harville was also ordered to pay a fine of $20,000. On April 25, 2022, Baugh pleaded guilty to one count of conspiracy to commit stalking through interstate travel and through facilities of interstate commerce, two counts of stalking through interstate travel, two counts of stalking through facilities of interstate commerce, two counts of witness tampering and two counts of destruction, alteration and falsification of records in a federal investigation. On May 12, 2022, Harville pleaded guilty to one count of conspiracy to commit stalking through interstate travel and through facilities of interstate commerce, two counts of stalking through interstate travel and two counts of stalking through facilities of interstate commerce.

"The internet is incredibly powerful. It brings community, information, and even merchandise right to our homes. Mr. Baugh and Mr. Harville used the internet's power to harass and intimidate a couple who did nothing-nothing-other than publish content that our First Amendment protects. The defendants' toxic brand of online and real-world harassment, threats, and stalking was outrageous, cruel and defies any explanation-all the more because these men were seasoned and highly paid security executives backed by the resources of a Fortune 500 corporation. Their behavior was reprehensible. The just sentences the Court imposed today will take Mr. Baugh and Mr. Harville offline and out of our community for some time. This should serve as a strong reminder to all that holding positions of wealth and privilege does not absolve or shield criminals from accountability and incarceration. The government's investigation continues," said United States Attorney Rachael S. Rollins.

Continue Reading Official Release and Public Record

NACS Survey: 41% of C-Stores Offering Self-Checkout in 2022
"The pandemic and the labor shortage is acting as a catalyst"

"Just Walk Out" Tech Popping Up at Airports - Becoming the "Norm" in C-Stores

Hudson's, Zippin, Grab0 & Fly, Camden Food Express have rolled out grab-and-go technology in DFW, JFK, Midway, and others.

Last year, both Kroger and Walmart pushed self-checkout even further and introduced 100% self-checkout test stores. The chains opted to forego traditional manned checkouts altogether:

Wawa started rolling out self-checkout last year to 60-plus stores and stated that all new stores will include self-checkout as an option. Royal Farms expanded its self-checkout solution to all 247 stores in 2021. And the Spinx Company plans to introduce the option in all of its 80-plus South Carolina stores this year. Parker's, Savannah, George, rolled it out in their 70 stores.

While autonomous formats are not yet part of the mainstream shopping culture today-in any retail outlet-it is something that c-stores are becoming more aware of as a potential opportunity.

"Self-checkout is probably the norm in the c-store industry today," he said when it comes to frictionless solutions. And another retailer said that he finds a correlation between understaffed stores and a greater use of frictionless checkout. "And long-term employees like the system because it greatly reduces a task that tends not to be the favorite," he said.

"Technologies like this will see significant market share from the top players over the next three years," Awalt said. "The combination of the pandemic and the labor shortage is acting as a catalyst for the industry as a whole. More c-store companies today have full innovation teams-they are ready for this." convenience.org

Retail Holiday Hiring Roundup
How retailers are hiring for the holidays in 2022

In preparation for demand, some companies are staffing for the season similarly to 2021 while others are reducing their efforts.

Walmart: The company's hiring for the 2022 season slowed to 40,000 additional associates, which is down about 75% from the 150,000 hired last year.

Target: Target is keeping its hiring plans steady this year, once again planning to bring on up to 100,000 seasonal employees to help out at its stores and supply chain facilities.

Dick's Sporting Goods: Dick's Sporting Goods plans to hire up to 9,000 seasonal associates this year, according to a company press release

Macy's: The department store this week said it's working to fill more than 41,000 full- and part-time seasonal positions at its Macy's, Bloomingdale's and Bluemercury stores, supply chain locations and call centers.

Kohl's: Although the company wouldn't say exactly how many employees it would bring on, a spokesperson told the Milwaukee Business Journal that the number would be comparable to last year's number of 90,000.

UPS: UPS announced in September that it plans to hire more than 100,000 seasonal employees in time for the holiday rush.

Party City: Party City said it will hire 20,000 employees in time for the holidays.

Michaels: Arts and crafts retailer Michaels announced it will hire 15,000 seasonal employees in the U.S. and Canada ahead of the 2022 holiday season. retaildive.com

Deadliest Hurricane in History?
Biden: Hurricane Ian 'could be the deadliest' in Florida's history
President Biden on Thursday warned Hurricane Ian could prove to be the deadliest storm in Florida's history as it punished swaths of the state with flooding rains and damaging winds.

"This could be the deadliest hurricane in Florida's history. The numbers are still unclear, but we're hearing early reports of what may be substantial loss of life," Biden said during a visit to Federal Emergency Management Agency headquarters for a briefing on the hurricane response.

Hurricane Ian made landfall on Wednesday as a Category 4 storm, lashing the western coast of the state in particular. But the size of the storm meant that other parts of the state also faced flooding and power outages. thehill.com

At Least 19 Deaths Reported So Far
After slamming Florida, Hurricane Ian barrels toward South Carolina
Storm system Ian has intensified to a Category 1 hurricane, and it's expected to make landfall in South Carolina midday today, according to the National Weather Service. The storm made landfall along the southwestern coast of Florida as a powerful Category 4 hurricane Wednesday.

At least 19 people have been reported dead so far due to the storm. Search and rescue efforts are underway in the worst-hit areas of Florida. cnn.com

144 Walmart & Sam's Club Stores Still Closed From Hurricane Ian

Walmart, Sam's Club and the Walmart Foundation are committing up to $6 million to recovery and relief efforts.

As part of this commitment, we will help maximize their impact by matching contributions 1:1 when they donate at our registers (up to $2.5 million) or through our associate giving program. walmart.com

Why stores start selling Christmas stuff in September
This year, there are new incentives for holiday creep. Higher prices are factoring into purchasing decisions this year, and these early promotional deals allow shoppers to stretch their budgets over a longer period of time

McDonald's is coming out with Happy Meals for adults
 

Senior LP & AP Jobs Market

Director, Investigations - Workplace Investigations job posted for Walmart in Bentonville, AR
Walmart is seeking a Director for Workplace investigations who has a strong knowledge base of overseeing, conducting and/or managing internal investigations. The Director of Workplace investigations will need to be a motivated team player with a keen ability to effectively manage a team of investigators and managers. Our Global Investigations team is assigned to investigate a broad range of sensitive and complex matters for the company. The team is tasked to conduct and examine issues objectively and leverage investigative techniques and advanced analytics to appropriately report the facts. careers.walmart.com
 

Cybersecurity Awareness Month 2022 Starts Tomorrow!
The Final Countdown to Cybersecurity Awareness Month 2022: "It's easy to stay safe online!"
Today's blog will jumpstart NIST's celebration of Cybersecurity Awareness Month 2022! We have a lot in store for October and are looking forward to sharing our work, progress, events, and news with you. This year's theme is "It's easy to stay safe online" and will cover four key behaviors:

1. Enabling multi-factor authentication
2. Using strong passwords and a password manager
3. Updating software
4. Recognizing and reporting phishing

As a repeat Cybersecurity Awareness Month Champion, NIST is dedicated to promoting a safer online environment and helping others learn and understand the complex world of cybersecurity. We plan to post a series of blogs each week in October that will feature our NIST experts explaining ways to use the four above behaviors to keep people and businesses more secure online. We will also be using our @NISTcyber Twitter account as a vehicle to spread the word about our various cybersecurity and privacy resources (think videos, publications, infographics, fact sheets, websites, and more). nist.gov

In-Store Cybersecurity Should be a Top Priority
Why retail stores are more vulnerable than ever to cybercrime

Dakota Murphey explains why store owners and security managers need to protect their physical locations from the cyber threat

Figures from SonicWall's Biannual Report revealed that ecommerce and online retail businesses saw a 264% surge in the past 12 months in ransomware attacks alone. These kinds of statistics are extremely worrying for retail businesses, so it is unsurprising that websites and digital security are at the forefront of retailers' minds.

However, for those retailers that have a physical store as well as an online presence, there might be an assumption that the cyber security in-store doesn't need to be considered as a top priority. Well, doing so could be a big mistake.

Security is weaker

Increasingly, as retail stores are less well protected they are being seen as an easy way into the computer system of a company. Perhaps the lesson that needs to be learned here is that you should never assume that you won't or can't be attacked. Cybercriminals are far more sophisticated than they've ever been. If there are gaps in security, they can identify and tap into them.

Stores and websites are intrinsically linked

For the majority of businesses, the physical store is actually just as dependent on your IT system as the site online. This presents a potential problem. If your physical retail store can potentially allow access to your whole IT system, cybercriminals can use nefarious methods in your physical premises.

The rise of the Internet of Things

Physical stores are increasingly reliant on Internet of Things devices. This might include stock checkers, smart shelves, predictive maintenance equipment and much more. Physical security devices such as CCTV, video surveillance and alarm systems are often connected to the internet and can also be a vulnerability for targeted cyber attacks.  ifsecglobal.com

The Greatest Security Risk is in the Cloud
More Than Half of Security Pros Say Risks Higher in Cloud Than On Premise

Report shows that forty-five percent of companies have had four or more cloud incidents in the last year

Venafi surveyed 1,101 security decision makers (SDMs) in firms with more than 1,000 employees and found that eighty-one percent of companies have experienced a cloud security incident in the last year. Forty-five percent have suffered at least four security incidents in the same period. More than half of security decision makers believe that security risks are higher in the cloud than on-premise.

Most of the firms surveyed believe the underlying issue is the increasing complexity of their cloud deployments. Since these companies already host 41% of their applications in the cloud, and expect to increase this to 57% over the next 18 months, the problem is only likely to worsen in the future.

Kevin Bocek, VP of security strategy and threat intelligence at Venafi, believes, "The ripest target of attack in the cloud is identity management, especially machine identities.

Respondents reported that the most common cloud incidents are security incidents during runtime (34%), unauthorized access (33%), misconfigurations (32%), vulnerabilities that have not been remediated (24%), and failed audits (19%).

Their primary operational concerns are hijacking of accounts, services or traffic (35%), malware or ransomware (31%), privacy/data access issues, such as those from GDPR (31%), unauthorized access (28%), and nation state attacks (26%).

The real problem lies with the often-difficult relationship between developers and security teams. Developers are required to work at speed, and security teams often have little visibility into their work. Containers are now the primary machine context in cloud native systems, using resources that don't need to be hosted in a single location. securityweek.com

Retailers are a Top Global Target in Cyberattacks
The cybersecurity problems threatening Australian retail
In a recent global report, Thales Cloud Security surveyed 2,767 organisations in critical infrastructure to determine the prevalence of the cyber threat and the status of responses. Such examples of critical infrastructure include those in healthcare, financial services, telecommunications and, increasingly, retail.

"The pandemic has reshaped and extended what Australians view as 'critical'," says Grant, "Retailers and logistics providers have proved to be just as vital as utility companies and telcos."

Of respondents to its survey, Thales reported that as many as 44 percent disclosed increases in volume, severity and/or scope of cyberattacks within the last 12 months, with more than a third having experienced a security breach within the same period. And the problem is far from one of relevance to only bigger organisations, with SMEs and sole traders also warned to take the problem seriously.

"This is not something that just impacts major organisations, cybercrime costs are expected to increase by 15% per year up until 2025, reaching an eye-watering $10.5 trillion annually, according to Cybersecurity Ventures," Skye Theodorou, co-founder of insurtech company Upcover, tells Power Retail, "This is big business for criminals - and is expected to outstrip the global trade of all major illegal drugs combined." powerretail.com.au

Cybersecurity salaries revealed: Talent shortage - Firms paying top talent base salaries as high as $220,000
According to data-tracker CyberSeek, it takes 21% longer to fill cybersecurity roles than any other IT job, with more than 700,000 openings in the US currently. There were also more than 500,000 roles needing people with cyber-security-related skills, but employers are struggling to find adequately qualified people.

US firms such as Palo Alto, McAfee, and Cloudflare are known to pay six-figure base salaries. European firms such as Sophos, Kaseya, and Bitdefender are likewise willing to compensate senior talent generously. businessinsider.com

3 types of attack paths in Microsoft Active Directory environments

Walmart Global Investigations Team Recognized By U.S. Secret Service

Chinese Fraud Crew & U.S. Foreign Co-conspirators Hit Walmart Stores Nationwide
DOJ: Two Defendants Plead Guilty Resulting from Separate Investigations into Complex Wal-Mart Gift Card Schemes Involving Hundreds of Fraud Victims

"The strong relationship between the United States Secret Service and Walmart Global Investigations prevented additional victims in this fraud scheme."

ALBANY, Ga.: Yao Lin, 51, of Ruther Glen, Virginia, and Wen Xue Lin, 39, of Philadelphia, Pennsylvania, each pleaded guilty to one count of wire fraud today and face a maximum of 20 years imprisonment to be followed by three years of supervised release and a $1,000,000 fine. Sentencing within 90 days as determined by the Court.

"These investigations clearly show how foreign actors pray on American victims. The international fraudsters operated numerous fraud schemes to convince American victims to purchase gift cards. The international actors utilized their foreign connections within the United States to 'cash out' the gift cards purchased by victims of fraud.

According to court documents, Yao Lin and Wen Lin, acting apart from each other, traveled at different times to Walmart stores located in the southern United States to purchase various gift cards using electronic Walmart gift cards on their smart phones which were obtained by unnamed individuals through multiple scams inflicted on victims across the country.

Wen Lin told agents that he would receive a gift card number from sources in China through an app on his smart phone. Once the gift card number was loaded onto his phone, Wen Lin would go to a Walmart and purchase other kinds of gift cards and send those gift cards back to China.

Wen Lin was taken into custody on Sept. 26, 2019, at a Walmart store in Hazlehurst, Georgia, after making illicit purchases at Walmart stores over a three-day period within the Middle District of Georgia including Tifton, Winder, Athens, Madison, Forsyth, Macon, Warner Robins, Perry, Cordele, Americus and Albany. A search of Wen Lin's vehicle recovered 1,298 Walmart Vanilla Mastercard and American Express gift cards with a face value totaling $229,100. There was approximately $40,000 in unused value remaining on those cards. The gift cards were used to purchase other cards in the amount of $287,335.34.

Yao Lin was connected to 1,649 different transactions using 1,271 different Walmart gift cards between Feb. 19 - March 29, 2021, totaling $533,341.75. The Walmart gift cards attributed to Yao Lin were purchased by over 370 different victims located in all 50 United States and Puerto Rico. Yao Lin was taken into custody in the Middle District of Georgia on March 29, 2021, in Valdosta, Georgia, after making fraudulent transactions at Walmart stores in the Middle District of Georgia including Macon, Warner Robins, Tifton, Adel and south into Valdosta. A search of Yao Lin's vehicle recovered 128 Google Play, Steam and Apple gift cards, valued at approximately $9,300.

Both Wen Lin and Yao Lin admitted to participating with unnamed co-conspirators in this scheme and receiving 3% of the total funds converted from Walmart gift cards as payment for their criminal efforts. They say they did not know the electronic gift cards were obtained by defrauding people and assert they did not know of any other victim than Walmart. It is not known whether the unnamed co-conspirators from either case are acting together or separately. justice.gov

NYC & N.J. CC Fraud Crew Sets Up Luxury Goods Online Resale Shop
DOJ: Multiple U.S. Postal Service Employees & Others (Nine) Arrested For $1.3 Million Fraud & Identity Theft Scheme
Announced today the unsealing of an indictment charging JOHNNY DAMUS, a/k/a "Ace," RASHAAN RICHARDS, a/k/a "Jay Dee," a/k/a "JD," a/k/a "Payso," DEVON RICHARDS, a/k/a "Dev," CONRAD HERON, a/k/a "Conny Cash," LOUIS JEUNE VERLY, a/k/a "Luis Jesus Virola," KAREEM SHEPHERD, a/k/a "Reem," a/k/a "Marcus Ford," a/k/a "Frank James," FABIOLA MOMPOINT, a/k/a "Lady Fab," NATHANAEL FOUCAULT, and JOHNATHAN PERSAUD, a/k/a "Junzie-J," in connection with their theft and unauthorized use of credit cards to defraud several national financial institutions, credit card companies, and major retailers, resulting in more than $1.3 million in intended losses as well as the theft of hundreds of identities. As alleged, the defendants conspired to steal credit cards from the mail; use those stolen credit cards at a variety of stores, including high-end retailers; and sell some of the merchandise purchased with the stolen cards on the website LuxurySnob.com ("LuxurySnob").

Members of the conspiracy, "the Shoppers", and others known and unknown, then used the stolen cards to purchase luxury goods-including items manufactured by, among others, Chanel, Fendi, Hermes, and Dior-from high-end retailers, including major department stores in, among other places Manhattan, Brooklyn, and New Jersey. Often, JOHNNY DAMUS, instructed the Shoppers to purchase particular luxury items in specific quantities. Working together with a close associate ("CC-1"), DAMUS functionally operated LuxurySnob.com, on which many of these fraudulently obtained luxury items were sold. LuxurySnob purports to be an "online consignment and personal shopping company" specializing in "pre-owned luxury items," but, in fact, many of the items it sells were purchased using stolen credit cards.

U.S. Attorney Damian Williams said: "As alleged, the defendants engaged in a years-long scheme to manipulate credit card companies and major retailers across New York and New Jersey by stealing credit cards and using those cards to purchase, and subsequently sell, luxury goods. justice.gov

Indianapolis, IN: Indy woman who called herself a 'crackhead' had 73 stolen credit cards, dozens of government IDs
State troopers found a trove of stolen credit cards, government identifications, passports, checkbooks and more after pulling over an Indianapolis woman who was driving with an expired temporary license plate. Angela Cook, 47, was arrested for a slew of charges that include identity deception, driving while suspended and possession of cocaine. At the time of the traffic stop, troopers discovered Cook had three active felony warrants, including two in Hamilton County and a third in Hendricks County, a probable cause affidavit showed. In total, a search of Cook's vehicle revealed she had 40 government-issued identifications, 73 credit cards, three passports, eight social security cards and seven checkbooks - all belonging to various people. fox59.com

Broward County, FL: Cross-Dressing Serial Shoplifter Behind Bars in Broward
A Miami Gardens man, who sometimes dresses as a woman to shoplift, is looking at a growing list of charges after being suspected of grand theft at stores from Miami to Altamonte Springs, court records show. According to several arrest reports, Jamarian Ashford Brooks, who turned 20 Wednesday, entered a Bath and Body Works store in Pembroke Pines on June 25, 2021, with two women and stole scented candles and fragrances. He entered a Bath and Body Works store in Deerfield Beach with two alleged accomplices July 5, 2021, and stole nearly $2,700 worth of scented candles and wallflower heater fragrances. The trio did it again at a Bath and Body Works store in Hollywood July 14, 2021, stealing more than $2,000 worth of candles and fragrances. The same day, the group stole 31 bottles of tequila worth a total of $1,925 from a Total Wine store in Coral Springs. Brooks and an alleged accomplice pepper sprayed and hit a 71-year-old clerk to steal a $100 bottle of Hennessey and other items from a Walgreen's in Pembroke Pines July 25. Two days later, Brooks and three alleged accomplices pepper sprayed and struck a Walgreen's clerk to steal a bottle of Patron tequila in Davie. Also on July 27, Brooks and the other suspects stole merchandise worth $225 from a Hobby Lobby store in Davie then pepper sprayed and struck the manager's head with a basket before fleeing in a car. Brooks was caught in Miami after shoplifting at a BJ's Wholesale Warehouse, police said. nbcmiami.com

Colorado Springs, CO: 4 suspects at large after shoplifting, hit-and-run at Big R; employee injured
Deputies are looking for four suspects in a robbery and hit-and-run Thursday afternoon at Big R on Fontaine Boulevard in Security-Widefield, according to El Paso County Sheriff's Office. The suspects, two males and two females, attempted to flee after shoplifting when citizens intervened, blocking the suspects' vehicle. The driver, who deputies say has face tattoos, began ramming his car into the vehicles around him to get out of the parking spot. The driver proceeded to run over a Big R employee before fleeing. Deputies arrived at the scene at 3:50 p.m. gazette.com

Staten Island, NY: Gunpoint robbery reported at store on Forest Avenue; $13K in cell phones, smart watches stolen
A cell-phone store on Forest Avenue in Mariners Harbor reportedly was robbed at gunpoint on Wednesday evening, according to police. The incident occurred around 5:45 p.m. at the T-Mobile store at 2031 Forest Ave. near Maple Parkway, according to a spokesman for the NYPD's Deputy Commissioner of Public Information. Workers said that the terrifying episode began when two unknown men entered the store and brandished guns. One of the suspects forced an employee to take him to the safe. The workers were forced at gunpoint to lie on the floor while the suspects looted the store, according to the police spokesman. The suspects stole about $240 in cash, numerous cell phones and other electronics, including smart watches. The total value of the stolen merchandise was estimated to be about $13,000, the police spokesman said.  silive.com

Saginaw, MI: Collectible sneaker store loses thousands in burglary
A store that sells high-value collectible sneakers is back open days after it was burglarized. "A lot of these items, they're not cheap one, and two, they're very difficult to get," said owner of Kingdom Kicks Don Evans, Jr. $8,000 worth of merchandise was taken in the snatch and grab robbery in Saginaw Township. Police responded to an alarm early Sunday at Kingdom of Kicks on Bay Road just south of Tittabawassee. The burglars used a sledgehammer to break in through the front door. Evans says they weren't able to get their hands on much, but the items they did grab were high value. wnem.com

Woodbridge, VA: Woman arrested for robbing beauty store in Prince William County
A woman is in custody accused of robbing a beauty supply store in Prince William County, as police continue the search for two other suspects in the case. According to Prince William County Police, the incident happened at the Beauty 4 U store located at 2542 Prince William Parkway in Woodbridge on June 15. Police say three suspects entered the store, and began taking items off the store's shelves. The suspects then were confronted by a store employee as they tried to flee the store. During the confrontation, police say, one of the suspects pepper sprayed the employee. The employee was treated at a hospital for non-life-threatening injuries. fox5dc.com

DOJ: Albany, NY: RGIS /WIS employees stole drugs from NY stores: $158,000 in restitution
RGIS LLC (RGIS) and its affiliated company, Retail Services WIS Corporation (WIS), agreed to pay $158,760 to resolve allegations that they caused violations of the Controlled Substances Act. RGIS and WIS employees were accused of stealing controlled substances from pharmacies in upstate New York and throughout the United States. As part of the settlement, the two companies are changing their policies to require a more thorough vetting of employees assigned to inventory pharmacies nationwide. The announcement came Thursday from Carla B. Freedman, the United States Attorney for the Northern District of New York, and Frank A. Tarentino III, Special Agent in Charge of the U.S. Drug Enforcement Administration (DEA), New York Division. news10.com

Moore, OK: Woman uses fraudulent credit card, spends $2,000 on products in Best Buy