Brian Krebs reports: The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. Read more on KrebsOnSecurity.com
Category: Malware
Statement on Target data breach by HVAC vendor Fazio Mechanical Services
Statement on Target data breach Fazio Mechanical Services, Inc. places paramount importance on assuring the security of confidential customer data and information. While we cannot comment on the on-going federal investigation into the technical causes of the breach, we want to clarify important facts relating to this matter: Fazio Mechanical does not perform remote monitoring…
NC: Cryptolocker scrambles US law firm’s entire cache of legal files
John E. Dunn reports: A small US law firm has bravely admitted losing its entire cache of legal documents to the Cryptolocker Trojan despite attempting to pay the $300 (£180) ransom in a bid to have them unscrambled. According to TV reports, Goodson’s law firm in the North Carolina state capital Charlotte [The Law Offices of Paul M. Goodson, P.C.] became the…
Target’s “Second-Rate” Fix for Hacking Victims May Leave Customers Vulnerable
Dana Liebelson discusses a concern that has been raised here and elsewhere – that Target negotiated a credit-monitoring deal with Experian that only includes Experian’s own database and not the Equifax and TransUnion databases as well. Read her report on Mother Jones.
Hundreds of Canadian credit cards hacked by infected terminals, firm warns
Tu Thanh Ha reports: A new strain of computer malware infecting payment card terminals in restaurants and gas stations has compromised nearly 700 credit cards in Canada, a computer security firm says. The viral code, JackPOS, infects point-of-sales terminals, a security breach similar to other highly publicized recent cases that struck victims such as the…
Target breach happened because of a basic network segmentation error
Following up on Brian Krebs’s report that attackers were able to get to Target’s payment card system after compromising the login credentials of HVAC contractor Fazio Mechanical Services, Jaikumar Vijayan gets responses and comments from several experts on what appears to be Target’s failure to properly segment its network. You can read his article on Computerworld.