Top Stories

Update: Retail Breaches Spread. Point of Sale Malware A Suspect.

Reuters is reporting on Monday that the recently disclosed hack of box store retailer Target Inc. was just one of a series of attacks against U.S. retailers, including Target, the luxury department store Neiman Marcus and other, as-yet-unnamed companies.* The story adds to other, recent revelations, including the breach at Neiman Marcus, which was first disclosed by the security blog Krebsonsecurity.com on Friday. Also on Monday, Target CEO Gregg Steinhafel confirmed that his company was the victim of malicious software installed on point of sale (PoS) systems at the store. According to the Reuters report, Target Corp and Neiman Marcus are just two retailers whose networks were breached over the holiday shopping season. The story cites unnamed sources “familiar with attacks,” which have yet to be publicly disclosed. Breaches of “at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target,” according […]

Continue Reading

Week In Security: More Target Woes and CES

It was another eventful week in security, with another big revelation in the story of a hack of box retailer Target Inc. That update – which accompanied Target’s fourth quarter earnings guidance – nearly doubled the number of known victims of that attack. It also revealed that credit card data was not the only information stolen by hackers, who also made off with customer names, mailing addresses and emails. In this latest installment of Security Ledger’s Security Week in Review, we spoke with Jody Brazil, the President of the security firm FireMon about the week’s events. Jody is a seasoned security professional who works day-in-day-out with companies that are trying to manage their risk. He said that even large companies like Target can fall victim to sophisticated attacks, but the IT security may be too quick to give up on traditional defensive technologies. Jody and I had an interesting chat about […]

Continue Reading

Target: Hack Exposed Data On 70 Million

Target provided some guidance on its fourth quarter earnings on Friday and, not incidentally, dropped another bombshell in the long-running story about the November data breach that exposed credit card information on some 40 million customers. It turns out that the credit card numbers were just the tip of a much larger iceberg. The box store retailer now claims that its investigation of that incident revealed that data on around 70 million customers was exposed, including e-mail addresses, phone numbers, mailing addresses and more. In a statement, Target said that much of the stolen data was “partial in nature,” but that it will reach out to customers whose e-mail addresses were stolen to warn them about potential fraud, including “phishing” e-mails that purport to come from Target. “I know that it is frustrating for our guests to learn that this information was taken and we are truly sorry they are […]

Continue Reading

Wolfram Floats Common Language For Internet Of Things

Amid all the “connected device” hoopla coming out of the Consumer Electronics Show (CES) this week, one of the most interesting announcements came from an unexpected corner: Wolfram Research, a maker of high-end software that is used in scientific research. On Monday, the company’s CEO, Stephen Wolfram, announced The Wolfram Connected Devices Project – an initiative that will comprise both a common catalog of connected devices and a common language to connect them. “Connected devices are central to our long-term strategy of injecting sophisticated computation and knowledge into everything,” Wolfram said. “With the Wolfram Language we now have a way to describe and compute about things in the world. Connected devices are what we need to measure and interface with those things.” Wolfram’s short-term goal is to begin cataloging IoT devices and making those devices ‘searchable’ via its Wolfram Alpha web portal – what the company describes as a ‘computational […]

Continue Reading

Siemens Patches Holes In Industrial Control Switch

A security researcher discovered two, serious security holes in a switch by Siemens that could allow an attacker to hijack industrial control system hardware that is heavily used by energy and transportation firms, among others. IOActive, a security consulting firm in Seattle, Washington, said on Thursday that Eireann Leverett, a senior security consultant, discovered two vulnerabilities in Siemens’ SCALANCE X-200 Switches. The vulnerabilities were in a web server component that provided administrators with access to features needed to configure the switches. If exploited, they would have allowed an attacker who had access to the same network as the SCALANCE switch to perform administrative actions on the devices, including updating the switch firmware and hijack active web sessions – all without needing to first log in to the device. SCALANCE is a family of Ethernet switches that connect to industrial control system (ICS) devices including programmable logic controllers (PLCs) and Human […]

Continue Reading
1 213 214 215 216