New details about Target breach come to light
Posted on 30 January 2014.
As data dumps of cards stolen in the Target breach continue to be sold on underground cybercrime forums, and the stolen information is being used to perform unauthorised payments, US Attorney General Eric Holder has stated the Department of Justice is "committed to working to find not only the perpetrators of these sorts of data breaches – but also any individuals and groups who exploit that data via credit card fraud."


The investigation of the Target breach is still ongoing, and the company has understandably been tight-lipped about the details of the attack, but they shared that the hackers were able to enter the company's system by leveraging credentials stolen from a vendor.

Naturally, they haven't mentioned the name of the vendor in question, and they didn't say which portal the credentials were for, but it's probably not a coincidence that Target limited access to the suppliers' database (Info Retriever) and their human resources website (eHR) last week.

In the meantime, Brian Krebs has been doing some sleuthing and piecing together clues. He believes that the attackers probably discovered that Target used a particular piece of software that had an administrator-level user account with a default password known to them, and misused it to set up a control server within Target’s internal network so that the stolen card data could be collected in one place before being exfiltrated.

He reports that Dell SecureWorks' Counter Threat Unit has also discovered that one component of the malware installed itself as a service called “BladeLogic.” The name was obviously chosen to mimic the name of automation software created by BMC, the same company that sells the IT management software suite mentioned in the paragraph above.

While BMC has declined to say whether Target uses its software, a trusted source confirmed to Krebs that many US retailers do.










Copyright 1998-2014 by Help Net Security.