Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Target Breach: 5 Unanswered Security Questions
Oldest First  |  Newest First  |  Threaded View
<<   <   Page 2 / 2
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Apprentice
1/23/2014 | 6:34:37 AM
Re: PIN numbers
If all card holders were as quick as you to setup email alerts and notifications then it would become a losing game right from the beginning for anyone to steal information. Unfortunately, I feel that the vast majority of the 40 million affected are not looking into security best practices. This creates a need for financial firms to increase their standards. 
David F. Carr
50%
50%
David F. Carr,
User Rank: Strategist
1/24/2014 | 10:03:02 AM
Why Bell Sports?
What would make you think the Bell Sports hack might be related? I'd think the fact that those were web transactions would put it in a different category than POS transactions.
Mathew
50%
50%
Mathew,
User Rank: Apprentice
1/24/2014 | 10:19:50 AM
Re: Why Bell Sports?
Timing. That's the primary suggestion they might be related, and it may be a stretch. Because yes, it wasn't a POS-data-focused hack.

But don't forget that Target also lost 70 million customers' names, email addresses, and other personal information. That didn't come from POS data streams, which suggests that hackers may have gained access to more than just the payment processing servers.

Then again, different gangs may have taken down each of the retailers mentioned in the story. Investigators have yet to say.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34798
PUBLISHED: 2021-09-16
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-36160
PUBLISHED: 2021-09-16
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVE-2021-39208
PUBLISHED: 2021-09-16
SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prev...
CVE-2021-39214
PUBLISHED: 2021-09-16
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of ano...
CVE-2021-39239
PUBLISHED: 2021-09-16
A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.