Security Monitoring News, Analysis, Discussion, & Community

IW Home

Advertise With Us

About Us

Digital Subscription

Analytics // Security Monitoring

News & Commentary

Be Careful Beating Up Target

Craig Carpenter, Chief Cybersecurity Strategist, AccessData

Commentary

Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.

By Craig Carpenter Chief Cybersecurity Strategist, AccessData, 4/1/2014

13 comments | Read | Post a Comment

Latest Comment: GonzSTL, @JamesR010: I am well aware of the compliance vs secure scenario, as well as...

Incident Response Now Shaping Security Operations

Kelly Jackson Higgins, Senior Editor, Dark Reading

News

How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014

4 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, @andrewboon2739 I noticed that McGladrey is a provider of accounting,...

Attacks Rise On Network 'Blind' Spot

News

Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014

4 comments | Read | Post a Comment

Latest Comment: FilipeCifali, This considering that NTP monlist is a old and it's already patched. NTP can...

Symantec Fires CEO In Surprise Move

News

Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.

By Mathew J. Schwartz , 3/21/2014

10 comments | Read | Post a Comment

Latest Comment: Mathew, Thanks for the catch. Yes, Salem was group president at the time of the Symantec...

Will Target Face FTC Probe?

News

Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.

By Mathew J. Schwartz , 3/20/2014

9 comments | Read | Post a Comment

Latest Comment: asksqn, Since the FTCs fact pattern has been to function as little more...

Many Businesses Fail To Disclose Data Breaches

News

Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/19/2014

2 comments | Read | Post a Comment

Latest Comment: Stratustician, The problem is that there is such a stigma attached with being breached (rightfully...

Linux Takeover Artists Fling 35M Spam Messages Daily

News

"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.

By Mathew J. Schwartz , 3/19/2014

0 comments | Read | Post a Comment

Attackers Hit Clearinghouse Selling Stolen Target Data

News

Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.

By Mathew J. Schwartz , 3/18/2014

4 comments | Read | Post a Comment

Latest Comment: MarkS229, Actually, his real name was Alf, but it doesn't have the same ring to it...

7 Behaviors That Could Indicate A Security Breach

News

Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.

By Becca Lipman , 3/14/2014

1 Comment | Read | Post a Comment

Latest Comment: pfretty, It's crucial to pay close attention to the warning signs. According to the...

Target Ignored Data Breach Alarms

News

Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.

By Mathew J. Schwartz , 3/14/2014

21 comments | Read | Post a Comment

Latest Comment: rradina, It certainly does. My last employer has been using it since ~2004/5 --...

Retail Industry May Pool Intel To Stop Breaches

News

Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/12/2014

2 comments | Read | Post a Comment

Latest Comment: Thomas Claburn, Heartland Payment Systems began working with the Financial Services Information...

Can We Control Our Digital Identities?

Mark Bregman, Senior Vice President & Chief Technology Officer, Neustar

Commentary

The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.

By Mark Bregman Senior Vice President & Chief Technology Officer, Neustar, 3/11/2014

4 comments | Read | Post a Comment

Latest Comment: David F. Carr, Love the comparison with banks.

Target CIO's Resignation: 7 Questions

News

After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.

By Mathew J. Schwartz , 3/6/2014

10 comments | Read | Post a Comment

Latest Comment: Laurianne, Who would you put in charge of security if not the CIO?

Target Starts Security, Compliance Makeover

News

With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/6/2014

0 comments | Read | Post a Comment

Data Breach: ‘Persistence’ Gives Hackers the Upper Hand

Martin Lee, Technical Lead, Threat Research, Analysis & Communications, Cisco

Commentary

Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.

By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 3/5/2014

2 comments | Read | Post a Comment

Latest Comment: MartinL923, As Stephen Colbert pointed out at RSA, the NSA showed how an organisation with...

Fresh Target Breach Cards Hitting Black Market

News

A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.

By Mathew J. Schwartz , 2/28/2014

15 comments | Read | Post a Comment

Latest Comment: Brian.Dean, That's an excellent question: upgrade to what? Some of the most secure forms...

DDoS Attack! Is Regulation The Answer?

Commentary

Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back.

By Dave Piscitello VP Security, ICANN, 2/28/2014

9 comments | Read | Post a Comment

Latest Comment: davepiscitello, Regulation could come in the form of procurement requirements imposed on ISPs;...

IBM Software Vulnerabilities Spiked In 2013

News

Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.

By Mathew J. Schwartz , 2/27/2014

3 comments | Read | Post a Comment

Latest Comment: J_Brandt, I like your airplane analogy! :) But yes, credit to Microsoft for doing a good...

RSA Chairman: NSA Work Is 'Public Record'

News

Art Coviello calls for global intelligence community reforms, says RSA's work with NSA was never secret.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/26/2014

0 comments | Read | Post a Comment

Windows Crash Reports Reveal New APT, POS Attacks

News

Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/20/2014

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by GonzSTL

@JamesR010: I am well aware of the compliance vs secure scenario, as well as the Heartland situation. I also have seen firsthand how kiosks, ATMs, etc. run imbedded XP in admin mode. I have seen horrible security...

In reply to: Re: It's Windows, Stupid!
Post Your Own Reply

Posted by JamesR010

@GonzSTL : They were "certified" by Trustwave, and being "in compliance" does NOT equal being secure. Trustwave doesn't have a good track record of certifying compliance (see Heartland Payment Systems fiasco of a few years...

In reply to: Re: It's Windows, Stupid!
Post Your Own Reply

Posted by LucasErratus

Blame the victim? When banks get robbed, do we blame their security? This would only happen if there was gross negligence such as leaving cash out unsupervised. I know firsthand that the hacking groups breaching larger...

In reply to: Target was a victim
Post Your Own Reply

Posted by GonzSTL

We don't actually know if Target's POS systems were not updated or had malware protection. We do know that they were PCI sertified immediately prior to the breach, so I'd like to think that their ASV or whomever certified...

In reply to: Re: It's Windows, Stupid!
Post Your Own Reply

Posted by JamesR010

Agreed. Most of these PoS systems (PoS - lol) run WinXP in admin mode, are not patched properly, and may not even have AV locally. However, most of the fault is still on Target's C executives for dropping the ball on sec...

In reply to: Re: It's Windows, Stupid!
Post Your Own Reply

Posted by speshul

I think the problem would be prevelant in any mainstream operating system used globally for companies and most households. If MAC OSX was the number 1 used operating system at companies and in homes, then we would be saying...

In reply to: Re: It's Windows, Stupid!
Post Your Own Reply

Posted by Jaludi

While Target and many others performed only 95% of their due diligence, that still doesn't exonerate them or anyone else that's still vulnerable. Automated event detection, correlation and the elimination of irrelevant...

In reply to: Being wrong with other company doesn't exonerate anyone
Post Your Own Reply

Posted by eaglei52

With failure to wall-off its payment systems from the rest of its corporate network, through which hackers were able to gain access to payment details, Target effectively lost access control to it's systems. They may not...

In reply to: Defense in Depth...
Post Your Own Reply

Posted by Marilyn Cohodas

"Whenever you bring budgets into the security mix, you get into this discussion about not being the "low hanging fruit." That is such a short-sighted point view! Perhaps if Target had a dedicated CISO in it's...

In reply to: "low hanging fruit".
Post Your Own Reply

Posted by Marilyn Cohodas

@andrewboon2739 I noticed that McGladrey is a provider of accounting, tax and consulting services. What are some of the principal threats and vulnerabilities you are seeing in your industry? And what are some of the...

In reply to: Re: Two common Web application attacks illustrate security concerns.
Post Your Own Reply

Posted by andrewboon2739

Interesting article. Hackers frequently gain access to important data using flaws in IT security systems and injecting malwares into web applications. Organization should conduct regular security maintenance and testing...

In reply to: Two common Web application attacks illustrate security concerns.
Post Your Own Reply

Posted by AccessServices

i donot know anyone that works for target corporate; however,i've talked with people that know alot about how target manages security andthey have all said that target was much better than most. whenever you bring...

In reply to: Why Target and What to Do
Post Your Own Reply

More Conversations

Products & Releases

North Kansas City Hospital Deploys SenSage's SIEM Solution

More Products & Releases

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect Lync Tour

Tower & Small Cell Summit

White Papers

Five Steps to Prepare for a DDoS Attack

Key Components Of Your Resiliency Strategy

Windows XP End of Life Handbook for Upgrade Latecomers

Server Security: A Reality Check

Endpoint Buyers Guide

More White Papers

Flash Poll

All Polls

Current Issue

Dark Reading April 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Video

What Next-Gen Security Looks Like

8 Comments

All Security Monitoring Videos

Slideshows

Slide Show: 20 Security Startups To Watch

2 comments | Read | Post a Comment

10 Free Or Low-Cost Network Discovery And Mapping Tools

0 comments

Slide Show: 8 Effective Data Visualization Methods For Security Teams

0 comments