Be Careful Beating Up Target

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

<< < Page 2 / 2

100%

Duane T,
User Rank: Apprentice
4/1/2014 | 12:13:32 PM

False premise of manual processes

Target was certified via PCI DSS in September, so some might believe that they were doing what was necessary to secure their data. Unfortunately, Compliance ≠ Security, and malware detection is like a red flashing light and siren. If you do nothing about it, all you can say is that you were warned.

That's why it's about time that these companies all invested in automated incident response systems that lock down a detected threat. What's odd in this situation is that FireEye has an entire "mitigation" partner page for this on their website, and Target did not use any of them. Think about it - if they used automated detection tools, why not use automated incident response tools that reduce manual tasks and eliminate human error? This doesn't have to be that complicated.

Wait, in a few seconds I found NetCitadel, Bradford Networks, and ForeScout as mitigation options.

Reply | Post Message | Messages List | Start a Board

100%

marcelbrown,
User Rank: Apprentice
4/1/2014 | 11:43:41 AM

It's Windows, Stupid!

Target was better prepared than most of the industry, yet they still couldn't shake the one simple, inherent weakness that most of the industry still chooses to ignore - Microsoft Windows.

Until companies get serious about moving away from Windows, they aren't really serious about security. You can't be serious about protecting your company and your customers if you build your information technology infrastructure on top of a foundation that is full of security holes.

Sure, let's not blame Target because they seemed to do almost everything right - except the choice of their core technology.

Reply | Post Message | Messages List | Start a Board

100%

speshul,
User Rank: Strategist
4/1/2014 | 9:52:31 AM

Seriously?

So we're supposed to take it easy on Target because other companies are just as bad? That's the most insane thing I've ever heard. So because other companies are just as bad at protecting our sensitive personal information, we should be nice?

We should be crucifying every last one of them. I can guarantee that all of these companies have I.T. teams that warn them about these problems, but the companies choose to ignore them due to budget or other reasons. Just like Target had been warned by it's team.

But yet, we are supposed to go easy on them. Because clearly Target's credit was screwed over right? Their negligence for their customers' information in some way hurt them financially right?! WRONG. The customers were the ones who lost in this, all because of corporate greed.

CRUCIFY THEM ALL!

Reply | Post Message | Messages List | Start a Board

<< < Page 2 / 2

Hot Topics

Editors' Choice

Webinars

Securing and Monitoring Networks in the 'New Normal'

The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance

Webinar Archives

White Papers

Centralized Security Policy Management Across Hybrid Cloud Environments Should be an Obvious Strategy

The Value of Threat Intelligence

2020 Threat Hunting Report

A Practical Guide to SASE Migration

2020 SANS Enterprise Cloud Incident Response Survey

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Your password expired and you have been locked out of your machine. Give me your new 2FA code to continue.

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-12512
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting

CVE-2020-12513
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.

CVE-2020-12514
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd

CVE-2020-12525
PUBLISHED: 2021-01-22

M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.

CVE-2020-12511
PUBLISHED: 2021-01-22

Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]