A very good (and damning) investigation of the Target breach. Key items are:
The company’s primary method of detecting malicious software on its internal systems was the free version of Malwarebytes Anti-Malware.
“Target would have paid very little attention to vendors like Fazio, and I would be surprised if there was ever even a basic security assessment done of those types of vendors by Target.”
Krebs then goes on to explain how by downloading publicly available documents from one of the Target web sites you can get a fair idea of how the Target network is setup.