Tag Archives: Target

Defensive Security Podcast Episode 83

[1] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/
[2a] http://nakedsecurity.sophos.com/2014/04/18/pci-dss-whats-new-in-v3-0/
[2b] https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf
[3] http://news.techworld.com/security/3543504/phishing-emails-fool-most-employees-but-is-this-their-problem-or-emails/
[4] https://www.nccgroup.com/en/blog/2014/09/phishing-all-you-need-is-one/
[5] http://hackerhurricane.blogspot.com/2014/09/infosec-industry-partly-responsible-for.html?m=1

Defensive Security Podcast Episode 82

http://www.databreachtoday.com/buying-cyber-insurance-5-tips-a-7250
http://www.csoonline.com/article/2600212/data-protection/why-russian-hackers-are-beating-us.html
http://www.aorato.com/labs/report/untold-story-target-attack-step-step/
http://www.csoonline.com/article/2599257/network-security/security-council-blames-breaches-on-poor-pci-standard-support.html#tk.rss_all

Defensive Security Podcast Episode 73

Advice from Bob; Acoustical covert communication channel; Researchers recreate some NSA spy tools based on catalog descriptions; Why cyber insurance is such a mess; Code Spaces hacked out of business; Reuters defaced by the Syrian Electronic Army; Aviva hacked by Heartbleed bug, or was it?

Subscribe in iTunes | Podcast RSS Feed | Twitter Email
http://www.tripwire.com/state-of-security/top-security-stories/covert-acoustical-mesh-networks-present-new-attack-vector/
http://www.theregister.co.uk/2014/06/19/hackers_reverseengineer_nsa_spying_devices_using_offtheshelf_parts/
http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html
http://www.cnbc.com/id/101770396
https://threatpost.com/hacker-puts-hosting-service-code-spaces-out-of-business/106761
https://medium.com/@FredericJacobs/the-reuters-compromise-by-the-syrian-electronic-army-6bf570e1a85b
http://www.theregister.co.uk/2014/06/23/aviva_heartbleed_hack/

Defensive Security Podcast Episode 71

Advice from Bob; SEC asks public companies to disclose more breaches; 230k IPMI devices found in Internet scan; PF Changs may have been hacked; Building network security to fail; 5 lessons from companies that get security right; Advice in responding to Anonymous threats; Bank of England announces assessment framework; Target shoppers don’t seem to be fazed by breach; Target board is under fire; Truecrypt may be coming back.

http://www.reuters.com/article/2014/06/10/sec-cybersecurity-aguilar-idUSL2N0OR13U20140610

https://securityledger.com/2014/06/ipmi-insecurity-affects-200k-systems/

http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/

http://www.forbes.com/sites/davelewis/2014/06/03/network-security-build-to-fail/

http://www.infoworld.com/d/security/5-lessons-companies-get-computer-security-right-243407

http://cyberwarzone.com/hackers-behind-oppetrol-will-attack-june-20-2014/

http://www.mondovisione.com/media-and-resources/news/bank-of-england-launches-new-framework-to-test-for-cyber-vulnerabilities/

http://www.dailyfinance.com/2014/06/05/target-data-breach-shoppers-dont-care/

http://www.startribune.com/business/261527581.html

http://www.wired.com/2014/06/bleed/

http://www.forbes.com/sites/jameslyne/2014/06/02/truecrypt-is-back-but-should-it-be/

Fuckyer: https://m.youtube.com/watch?v=2I-nudEqz7o

Defensive Security Podcast Episode 66

Advice from Bob; We have entered the post AV world; Target reboots its CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats

http://online.wsj.com/news/article_email/SB10001424052702303417104579542140235850578-lMyQjAxMTA0MDAwNTEwNDUyWj
http://consumerist.com/2014/05/05/target-ceo-clocks-out-in-wake-of-data-breach/
http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
http://m.slashdot.org/story/201515
http://www.networkworld.com/news/2014/043014-survey-execs-clueless-security-pros-281183.html
http://www.rebonline.com.au/breaking-news/7583-cyber-thieves-steal-50-000-from-real-estate-agency
http://www.imperva.com/docs/HII_The_Non-Advanced_Persistent_Threat.pdf

Defensive Security Podcast Episode 62

Cyber criminals operate on a budget too; 7 things you didn’t know cyber insurance covered; Security hype; Billions spent on cyber security with not a lot to show for it; Banks abandon lawsuit against Target and Trustwave; CIOs don’t know what advanced evasion techniques are; 5 tips for improving incident response.

http://www.darkreading.com/vulnerabilities---threats/cyber-criminals-operate-on-a-budget-too/d/d-id/1141650
http://www.esecurityplanet.com/network-security/cyber-insurance-covers-that-7-items-you-might-not-know.html
http://www.tripwire.com/state-of-security/featured/security-meaning-hype/
http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html
http://www.computerworld.com/s/article/9247309/Bank_abandons_place_in_class_action_suit_against_Target_Trustwave
http://news.techworld.com/security/3509357/what-are-advanced-evasion-techniques-dont-expect-cios-know-finds-mcafee/
http://www.networkworld.com/news/2014/040214-understanding-incident-response-5-tips-280338.html?page=1

Defensive Security Podcast Episode 58

Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.

http://www.networkworld.com/research/2014/030514-cio-not-the-only-one-279445.html
http://www.csoonline.com/article/749298/rogue-ads-overtake-porn-as-top-mobile-malware-attack-method
http://www.csoonline.com/article/749307/five-things-to-know-about-malware-before-driving-it-out
http://www.csoonline.com/article/749076/why-you-need-to-segment-your-network-for-security
http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor/
http://krebsonsecurity.com/2014/03/sally-beauty-hit-by-credit-card-breach/

Defensive Security Podcast Episode 56

Tip from Bob; US Cyber Security Framework; Challenges with deploying insecure technology; Target vendor compromised through email and some discussions on vendor risks; Healthcare organizations are UNDER SIEGE by cyber attacks; The DSD’s ranking of security controls; 6 tips to combat APT; The importance of not running with administrator rights; Neiman Marcus breach details begin to emerge, 60,000 events went uninvestigated.

http://www.networkworld.com/news/2014/021214-white-house-pushes-cybersecurity-framework-278705.html

http://www.networkworld.com/news/2014/021114-it-innovation-challenging-security-pros39-278671.html

http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/

https://www.maliciouslink.com/what-the-target-breach-should-tell-us/

https://www.maliciouslink.com/what-the-target-breach-can-teach-us-about-vendor-management/

http://m.slashdot.org/story/198359

http://www.asd.gov.au/publications/Mitigation_Strategies_2014.pdf

http://www.networkworld.com/news/2014/021814-6-tips-to-combat-advanced-278854.html

http://www.networkworld.com/news/2014/021914-time-to-drop-unnecessary-admin-278888.html & http://www.networkworld.com/research/2014/021914-one-tweak-can-make-your-278933.html

https://www.maliciouslink.com/one-weird-trick-to-secure-you-pcs/

http://www.businessweek.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data

https://www.maliciouslink.com/lessons-from-the-neiman-marcus-breach/

Defensive Security Podcast Episode 54

More advice from Bob; Verizon’s report on PCI compliance; Target hacked through HVAC contractor; Reporting fail on hacking the Winter Olympics; Optimizing the use of security budgets in larger organizations.

Verizon PCI report: http://www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://www.infoworld.com/d/security/target-attack-shows-danger-of-remotely-accessible-hvac-systems-235919

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html
http://www.businessinsider.com/nbc-richard-engel-hacking-report-cyber-attack-sochi-olympics-2014-2

http://www.techrepublic.com/blog/it-security/how-mid-to-large-companies-can-optimize-security-budgets/

Defensive Security Podcast Episode 53

More advice from Bob; Follow up on Coke’s lost laptops; Honey Encryption to frustrate attackers; What the Target breach shows us about vendor risk; Managing the response to a data breach; More POS malware, this time with TOR goodness.

http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you

http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

http://www.networkworld.com/news/2014/013114-target-credential-theft-highlights-third-party-278305.html

http://www.networkworld.com/news/2014/013014-positioning-your-institution39s-response-in-278292.html

http://www.networkworld.com/news/2014/013014-tor-enabled-malware-stole-credit-card-278289.html?source=nww_rss