Target - News, Features, and Slideshows

• 

  Should vulnerabilities and malware be our #1 security priority?

  Zero-days, SQL injection, memory overflows and other kinds of creative abuse in the digital domain are a huge concern for many Internet-facing organisations. Commonly, a large proportion of IT budgets are bent towards ways to protect against these threats. Organisations deploy everything from IPS, IDS, SIEM, anti-virus and vulnerability scanners to look for the proverbial needle, and in many cases it’s a core function of IT security’s mandate. Rightly so, as it is an important and timely concern, but should this be our top priority?

  Craig Dore | 02 Mar | Read more

• New payment card malware hard to detect and remove

  FireEye says it has discovered a type of malware designed to steal payment card data that can be very difficult to detect and remove.

  Jeremy Kirk | 07 Dec | Read more

• Report: US retailer Target failed to execute security basics

  Target hired Verizon to figure out what was behind its 2013 data breach and Verizon found that the company’s security problems can be summed up as failure to do the basics.

  Tim Greene | 01 Oct | Read more

• 

  EFF tracker-smashing Privacy Badger exits beta

  The Electronic Frontier Foundation recently announced that its tracker-munching browser add-on is ready for prime time. Privacy Badger version 1.0 is available now for Chrome and Firefox. The add-on was released as a public alpha in May 2014 and hit beta about two months later.

  Ian Paul | 08 Aug | Read more

• Android vulnerabilities are scary, but could be a blessing in disguise

  The headlines, as ever, were alarming an Android vulnerability that could compromise a phone with nothing more than a malicious text message? With no user input? That's enough to curdle the blood of the hardiest admin.

  Jon Gold | 07 Aug | Read more

• 4 Small Business Security Lessons From Real-Life Hacks

  It's no longer unusual to see major, massive hacks make news these days. They affect millions of individuals and cost millions of dollars to rectify.

  Paul Mah | 13 Aug | Read more

• How to achieve better third-party security: Let us count the ways

  No enterprise is an island. In a connected world, a business cannot function without multiple relationships with third parties -- outside vendors, contractors, affiliates, partners and others.

  Taylor Armerding | 30 Jun | Read more

• They Fought the Law, The Law Won

  Reading the headlines relating to cyber-security you would not be blamed for thinking we are in a losing battle against relentless foes. The breaches at OPM, Ashley Madison, Target, Sony, and many others highlight criminals are consistently looking for ways to breach our defences. It is understandable then why many CISOs may look nervously at their networks wondering if they will be the next victim, or worse, are they already a victim without knowing it.

  Brian Honan | 27 Jul | Read more

• CSO's CISO Executive Career and Leadership Success Guide

  A lot has changed since the early years, when enterprises first began embracing the CISO position. Back then, the CISO role was primarily a technical one: control user access, secure the databases, find and patch vulnerabilities, keep the malware out, and eventually to help build secure websites and eCommerce platforms. In those days, most of the highly proprietary data resided within the local area network, the data center, or within PCs and notebooks.

  George V. Hulme | 02 Jun | Read more

• The science behind alert fatigue: How to turn down the noise so you can hear the signal

  You've likely experienced <a href="http://www.healthcareitnews.com/directory/alert-fatigue">alert fatigue</a> at some point in your life. You feel exasperated as your phone pings for what seems like the hundredth time in a day, or your eyes glaze over as a glut of new analytics data rolls in. You feel resigned to the fact that an influx of email could very well go on forever.

  By Marius Moscovici, founder and CEO, Metric Insights | 07 May | Read more

• Sony breach turns bank's focus to users

  When New Jersey's Provident Bank was founded in 1839, Martin Van Buren was president. The First Opium War was getting going in China. And, in Boston, the American Statistical Association was just being founded.

  Maria Korolov | 04 Apr | Read more

• Security Manager's Journal: Breaches are everywhere

  Follow me, if you will, on a journey back in time to just one year ago. As 2013 turned into 2014, the information security industry was buzzing about the latest spate of breaches. Target had ushered in a new era of retail security breaches, with 40 million card numbers lost to the hackers. Little did we know at the time that this was just the beginning, and small potatoes in comparison to what was to come. One year ago, Neiman Marcus and Michaels had joined Target, and <a href="http://www.computerworld.com/article/2487265/security0/security-manager-s-journal--cyberattacks-just-got-personal.html">I wrote in response to the growing number of breach disclosures</a> that "in fact, I have to wonder which retailers have <em>not</em> suffered breaches. The word on the street is that at least a half-dozen other retailers were compromised in the past few months, without publicity." Sadly, this turned out to be true. I hate being right all the time.

  By J.F. Rice | 12 Feb | Read more

Whitepapers about Target

• 

  Defending against application Denial of Service attacks

  This whitepaper digs into application DoS attacks, offering both an overview of common attack tactics and possible mitigations for each. By the end of the paper you should have a guide and an understanding of how your application availability will be attacked, and what you can do about it. •Attackers increasingly leverage availability-impacting attacks, both to cause downtime and to mask other kinds of attacks — usually involving data theft. •Adversaries exploit weaknesses in application stack components to knock infrastructure over, but the application itself can be targeted •Defending against AppDoS attacks requires a multi-faceted approach that typically starts with a mechanism to filter attack traffic