New details about Target breach come to light
Posted on 30 January 2014.
As data dumps of cards stolen in the Target breach continue to be sold on underground cybercrime forums, and the stolen information is being used to perform unauthorised payments, US Attorney General Eric Holder has stated the Department of Justice is "committed to working to find not only the perpetrators of these sorts of data breaches – but also any individuals and groups who exploit that data via credit card fraud."


The investigation of the Target breach is still ongoing, and the company has understandably been tight-lipped about the details of the attack, but it shared that the hackers were able to enter the company's system by leveraging credentials stolen from a vendor.

Naturally, they haven't mentioned the name of the vendor in question, and they didn't say which portal the credentials were for, but it's probably not a coincidence that Target limited access to the suppliers' database (Info Retriever) and their human resources website (eHR) last week.

In the meantime, Brian Krebs has been doing some sleuthing and piecing together clues. He believes that the attackers probably discovered that Target used a particular piece of software that had an administrator-level user account with a default password known to them, and misused it to set up a control server within Target’s internal network so that the stolen card data could be collected in one place before getting exfiltrated.

He reports that Dell SecureWorks' Counter Threat Unit has also discovered that one component of the malware installed itself as a service called “BladeLogic.” The name was obviously chosen to mimic the name of automation software created by BMC, the same company that sells the IT management software suite mentioned in the paragraph above.

While BMC has declined to say whether Target uses its software, a trusted source confirmed to Krebs that many US retailers do.









