InfoSec links September 24, 2014

Data Breach Victims or Enablers? - Bill Brenner - Liquid Matrix

Companies that suffer a breach — Home Depot and Target have been among this year’s biggest poster children — are victims. They don’t set out to put their customers’ data in danger and they probably thought they were practicing all due diligence until they discovered the intrusions. But they probably also mistook their compliance checklists for real security and failed to turn security into a company-wide mindset, and that makes them enablers for the hackers who beat them.

Home Depot ignored security warnings for years, employees say - Sean Gallagher - ars technica

Former information technology employees at Home Depot claim that the retailer’s management had been warned for years that its retail systems were vulnerable to attack, according to a report by The New York Times. Resistance to advice on fixing systems reportedly led several members of Home Depot’s computer security team to quit, and one who remained warned friends to use cash when shopping at the retailer’s stores.

Massive Malvertising Network is 9 Times Bigger Than Originally Thought: Cisco - Brian Prince - Security Week

"The “Kyle and Stan” network is a highly sophisticated malvertising network," blogged Armin Pelkmann, threat researcher with Cisco. "It leverages the enormous reach of well-placed malicious advertisements on very well-known websites in order to potentially reach millions of users. The goal is to infect Windows and Mac users alike with spyware, adware, and browser hijackers."