Sources: Target Investigating Data Breach

TheKid7 · Jan 14, 2014

Target is offering one year of Experian Credit Monitoring for $0.

https://creditmonitoring.target.com/

ronjor · Jan 15, 2014

A First Look at the Target Intrusion, Malware

Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Today’s post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.
Click to expand...

http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

Rmus · Jan 16, 2014

Thanks, Ron.

This commenter's question is also mine:

My only question was this a malware infection by way of spear phishing which then infected the server. Or did the point of sale device get physically compromised by malware by a employee , USB thumb-drive , clone. device or some other type of social engineering . which then spread by way of the VPN network to the server and other P.O.S in other stores?
Click to expand...

----
rich

lotuseclat79 · Jan 16, 2014

Point-of-sale malware infecting Target found hiding in plain sight.

KrebsOnSecurity's Brian Krebs uncovers "memory-scraping" malware on public site.
Click to expand...

-- Tom

siljaline · Jan 16, 2014

Target Confirms Point-of-Sale Malware Was Used in Attack

According to Target Chairman and CEO Gregg Steinhafel, point-of-sale (POS) malware was used in the recent attack that compromised millions of credit and debit card account numbers of customers across the country.
Click to expand...

http://www.securityweek.com/target-confirms-point-sale-malware-was-used-attack See also: U.S. government warns merchants on methods used by Target hackers

(Reuters) - The U.S. government has provided merchants with information gleaned from its confidential investigation into the massive data breach at Target Corp in an effort to help them thwart similar attacks. The Department of Homeland Security on Thursday privately released an analysis of advanced malicious software and techniques threatening merchants in a report titled "Indicators for Network Defenders."
Click to expand...

http://www.reuters.com/article/2014/01/16/us-target-databreach-warning-idUSBREA0F1N920140116

ronjor · Jan 16, 2014

A Closer Look at the Target Malware, Part II

siljaline · Jan 17, 2014

Target to testify before U.S. House of Representatives after hackers steal credit card info for up to 110M customers

siljaline · Jan 17, 2014

Researchers find new PoS malware written in VBScript

In the wake of a large-scale attack on point-of-sale (PoS) systems at retailer Target, new malware designed to steal payment card data from the sales systems was released earlier this month.

Security researchers from cybercrime intelligence firm IntelCrawler identified a PoS RAM (random access memory) scraping program dubbed Decebal that they believe was released on Jan. 3. The release shows that cybercriminals are increasingly interested in launching this type of attack.
Click to expand...

http://www.cso.com.au/article/536213/researchers_find_new_pos_malware_written_vbscript/

Dermot7 · Jan 17, 2014

IntelCrawler: "17-years-old teenager is the author of BlackPOS/Kaptoxa malware (Target), several other breaches may be revealed soon"

(Reuters) - The cyber security firm IntelCrawler said on Friday it has uncovered at least six ongoing attacks at merchants across the United States whose credit card processing systems are infected with the same type of malicious software used to steal data from some 40 million credit cards at Target Inc.
Click to expand...

http://www.reuters.com/article/2014/01/17/us-target-databreach-idUSBREA0G18P20140117

hawki · Jan 17, 2014

Target Got Hacked Hard in 2005. Here’s Why They Let It Happen Again

"A gang of shadowy hackers tears through the systems of big-box retailers, making off with millions of credit and debit card numbers in a matter of weeks and generating headlines around the country.

Target and Neiman Marcus last week? Nope. This oh-so-familiar attack occurred in 2005.

That’s when Albert Gonzalez and cohorts – including two Russian accomplices — launched a three-year digital rampage through the networks of Target, TJ Maxx, and about half a dozen other companies, absconding with data for more than 120 million credit and debit card accounts. Gonzalez and other members of his team eventually were caught; he’s serving two concurrent sentences for his role, amounting to 20 years and a day in prison, but the big-box breaches go on.

The latest string of hacks attacking Target, Neiman Marcus, and others raise an obvious question: How is it that nearly a decade after the Gonzalez gang pulled off its heists, little has changed in the protection of bank card data?

.......

But Target’s latest misfortune should surprise to no one — least of all Target. The security measures that Target and other companies implement to protect consumer data have long been known to be inadequate. Instead of overhauling a poor system that never worked, however, the card industry and retailers have colluded in perpetuating a myth that they’re doing something to protect customer data — all to stave off regulation and expensive fixes.\

“It’s a big failure of the whole industry,” says Gartner analyst Avivah Litan. “This is going to keep getting worse, and this was totally predictable a few years ago and no one did anything. Everyone got worked up, and no one did anything.”
Click to expand...

More Here:

http://www.wired.com/threatlevel/2014/01/target-hack/

...

ronjor · Jan 17, 2014

Everyone Thinks This Target Email Is A Scam

Hayley Peterson

Millions of people have gotten a suspicious email from Target in the last couple days informing them that their personal information may have been stolen in the recent data breach.

The email offers customers a year of free credit monitoring through Experian, which includes identity theft insurance.

That sounds great, except no one trusts that the email is actually from Target. Here's why:
Click to expand...

http://www.businessinsider.com/target-email-scam-2014-1

siljaline · Jan 17, 2014

Target breach notifications are a perfect example of what not to do

Hopefully your company will never be the victim of a massive data breach. If it is, though, and customer data is compromised, make sure you don’t follow Target’s lead when it comes to notifying customers. Target’s customer notification efforts are wrong on almost every level.

Customers are conditioned to not click on links in email messages. In the wake of a massive data breach like Target experienced, phishing scams often try to exploit the heightened awareness by sending out emails that look very legitimate.
Click to expand...

http://www.pcworld.com/article/2089...-are-a-perfect-example-of-what-not-to-do.html

siljaline · Jan 20, 2014

Target Got Hacked Hard in 2005. Here’s Why They Let It Happen Again
http://www.wired.com/threatlevel/2014/01/target-hack/

A gang of shadowy hackers tears through the systems of big-box retailers, making off with millions of credit and debit card numbers in a matter of weeks and generating headlines around the country.

Target and Neiman Marcus last week? Nope. This oh-so-familiar attack occurred in 2005.
Click to expand...

siljaline · Jan 20, 2014

Russian teen misidentified in Target breach, expert says.

A Russian teenager was incorrectly fingered as the source of malicious software used to steal 70 million Target customers' credit card numbers, security expert Brian Krebs told FoxNews.com -- but he may not be off the hook just yet.

Californian cyber security firm IntelCrawler identified a 17-year-old on Friday and said he had "roots" in St. Petersburg, Russia and goes by the online nickname "ree4." The name of the youth, Sergey Tarasov, was widely picked up in media reports. But in an update to its report released Monday, IntelCrawler said another author crafted the code.
Click to expand...

http://www.foxnews.com/tech/2014/01/20/russian-teen-misidentified-in-target-breach/

Cutting_Edgetech · Jan 20, 2014

Its can be expensive investing in solid security professionals, and innovative security software. That expense is nothing though compared to the expense malware can cause in damage control, and lawsuits! That's not to mention the PR nightmare of trying to rebuild your companies good name. It can take years to build a good name for one's self, and only a day to tear it down.

siljaline · Jan 24, 2014

Point of Sale Malware Campaigns Targeting Credit and Debit Cards | Inside Recent Point-of-Sale Malware Campaign Activities
http://www.arbornetworks.com/asert/...e-campaigns-targeting-credit-and-debit-cards/

-http://www.arbornetworks.com/asert/wp-content/uploads/2013/12/Dexter-and-Project-Hook-Break-the-Bank.pdf-

• Special thanks: ESET Bratislava for this.

ronjor · Jan 24, 2014

Target Breach Has Cost Credit Unions Nearly $30 Million: Association

By Mike Lennon on January 23, 2014

According to a preliminary report from the Credit Union National Association (CUNA), credit unions across the nation have so far incurred nearly $30 million in costs as a result of the massive data breach that hit Target Corp. between late November and mid-December.
Click to expand...

http://www.securityweek.com/target-breach-has-cost-credit-unions-nearly-30-million-association

siljaline · Jan 26, 2014

FBI warns retailers to prepare for more cyber-attacks in wake of Target breach
http://www.theguardian.com/world/2014/jan/23/fbi-warns-retailers-cyber-attacks-target-breach

Dermot7 · Jan 29, 2014

New Clues in the Target Breach

siljaline · Jan 31, 2014

Tor-enabled malware stole credit card data from PoS systems at dozens of retailers

Payment card data was stolen during the past three months from several dozen retailers that had their point-of-sale systems infected with a memory-scraping malware program called ChewBacca.

The cybercriminal operation was investigated by antifraud researchers from RSA, the security division of EMC, who analyzed the malware and its command-and-control infrastructure.
Click to expand...

http://www.pcworld.com/article/2093...-from-pos-systems-at-dozens-of-retailers.html

Dermot7 · Jan 31, 2014

The breach at Target stores that may have affected as many as 40 million credit and debit card account holders is a watershed moment that could greatly raise awareness of cybersecurity risks, says privacy attorney David Navetta.

"It's a watershed moment because of the high-profile nature of the Target and the size of the breach," says Navetta, a partner at the Information Law Group. "... It will raise [breach] awareness because people often think of hacking situations online or losing your credit card information at e-commerce sites. But now, here we have a situation where people are physically going into the store, using their card ... and their data is being taken."
Click to expand...

http://www.bankinfosecurity.com/target-breach-watershed-event-a-6459

lotuseclat79 · Feb 1, 2014

How Difficult Is Your Maze? How To Be A 'Hard Target'.

-- Tom

TheKid7 · Feb 2, 2014

Another article on the ‘ChewBacca’ Trojan:

Star Wars’ most loyal copilot has gone to the dark side on our side of the galaxy, as Malware operating under the name ‘ChewBacca’ has stolen data on 49,000 payment cards from 45 retailers in 11 countries over a two month span...........
Click to expand...

http://rt.com/news/us-chewbacca-trojan-victims-522/

siljaline · Feb 4, 2014

Senators Introduce Bill to Protect Against Data Breaches

Following the recent major breaches at numerous US retail companies, four leading Democrat senators have introduced new legislation, the Data Security and Breach Notification Act, designed to charge the FTC with developing 'robust but flexible' security rules that would be required of all businesses that hold consumers' personal information.
Click to expand...

http://www.infosecurity-magazine.co...roduce-bill-to-protect-against-data-breaches/

Dermot7 · Feb 4, 2014

Ever since news broke that thieves stole more than 40 million debit and credit card accounts from Target using a strain of Point-Of-Sale malware known as BlackPOS, much speculation has swirled around unanswered questions, such as how this malware was introduced into the network, and what mechanisms were used to infect thousands of Target’s cash registers.
Click to expand...

https://krebsonsecurity.com/2014/02/these-guys-battled-blackpos-at-a-retailer/

Log in or Sign up

Sources: Target Investigating Data Breach

TheKid7 Registered Member

ronjor Global Moderator

Rmus Exploit Analyst

lotuseclat79 Registered Member

siljaline Registered Member

ronjor Global Moderator

siljaline Registered Member

siljaline Registered Member

Dermot7 Registered Member

hawki Registered Member

ronjor Global Moderator

siljaline Registered Member

siljaline Registered Member

siljaline Registered Member

Cutting_Edgetech Registered Member

siljaline Registered Member

ronjor Global Moderator

siljaline Registered Member

Dermot7 Registered Member

siljaline Registered Member

Dermot7 Registered Member

lotuseclat79 Registered Member

TheKid7 Registered Member

siljaline Registered Member

Dermot7 Registered Member

Log in or Sign up

Sources: Target Investigating Data Breach

TheKid7 Registered Member

ronjor Global Moderator

Rmus Exploit Analyst

lotuseclat79 Registered Member

siljaline Registered Member

ronjor Global Moderator

siljaline Registered Member

siljaline Registered Member

Dermot7 Registered Member

hawki Registered Member

ronjor Global Moderator

siljaline Registered Member

siljaline Registered Member

siljaline Registered Member

Cutting_Edgetech Registered Member

siljaline Registered Member

ronjor Global Moderator

siljaline Registered Member

Dermot7 Registered Member

siljaline Registered Member

Dermot7 Registered Member

lotuseclat79 Registered Member

TheKid7 Registered Member

siljaline Registered Member

Dermot7 Registered Member

Useful Searches