Target breach started from email

According to Brian Krebs the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems.
Interestingly, Brian mentions Ariba, a company I’ve been forced to deal by a large customer of ours. I’m not sure if there really is an attack vector where a vendor can get access through Ariba to the internal systems of the customers. However, my experience with Ariba has been frustrating and problematic, so I’ll be happy to believe their security is as broken as their email.
Email is a great way to interact with people and companies. It’s great for growing communities and businesses. But it is also a way for attackers to get access to your computer and the websites you interact with. Protect yourself, and your company, by running security software. And, please, don’t open attachments or click on links in emails and provide usernames and passwords.

LinkedIn shuts down Intro product
M3AAWG conference next week

Related Posts

Target "acquires data"

It was our priority to inform as many guests as quickly as possible. Relevant emails were pulled from a variety of sources.
@AskTarget

Read More

Is any data safe?

Today another major retailer announced their customer files were compromised. This company had clearly implemented some security that kept hackers from getting too much information. Passwords were hashed and credit card numbers were kept on a separate server, which does signal that the company designed with security in mind. Nevertheless, personal information was compromised.
Is there anyway to keep information safe if it’s accessible from the internet? Some of my uber-security conscious friends would say no. I am beginning to believe them.

Read More

CNN warns about Target copy-cat phishes

Target did indeed do a blast to customers to offer one year of free credit monitoring. The problem is scammers are also on the prowl and are sending out similar emails.
Target even says it has identified and stopped at least 12 scams preying on consumers via email, Facebook and other outlets.CNN: Did you get an email from Target?

Read More