InfoSec breach links December 8, 2014

I'm back. I passed my Spanish course and will have some thoughts on that experience next week. I still have two final projects to complete for two other classes so the posts for this week will be simple and probably mostly link dumps. I have been keeping up with security news and saved several links from this past month. Needless to say, some of them are quite dated, but it's interesting look at all the security stuff that happens in a month to two-month time-frame.

Malware Based Credit Card Breach at Kmart - Brian Krebs - Krebs on Security

“Yesterday our IT teams detected that our Kmart payment data systems had been breached,” said Chris Brathwaite, spokesman for Sears. “They immediately launched a full investigation working with a leading IT security firm. Our investigation so far indicates that the breach started in early September.”

Banks: Credit Card Breach at Staples Stores - Brian Krebs - Krebs on Security

According to more than a half-dozen sources at banks operating on the East Coast, it appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations, including seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.

Sony Got Hacked Hard: What We Know and Don't Know So Far - Kim Zetter

As so often happens with breach stories, the more time that passes the more we learn about the nature of the hack, the data that was stolen and, sometimes, even the identity of the culprits behind it. A week into the Sony hack, however, there is a lot of rampant speculation but few solid facts. Here’s a look at what we do and don’t know about what’s turning out to be the biggest hack of the year—and who knows, maybe of all time.