The hottest deals voted on by our community. Selected and verified by our team of deal editors.It’s the signature move of a smart hacker; use one vulnerable point of entry on an interconnected system, then go after your real target. Now it seems one unfortunate HVAC maintenance man was used as the hacker’s pawn in the Target data breach scam. Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems, was given access to a Target database so the company could remotely login and perform efficiency updates. After stealing one Fazio worker’s credentials, the hackers used this digital pathway to insert the destructive malware, reported security blogger Brian Krebs. Target said last week their ongoing investigation into the breach revealed a “third party vendor” was used to gain access, which is a standard move for hackers, David Kennedy, TRUSTEDSEC founder and security consultant, told TheBlaze. When multiple systems are linked, like a heating and air conditioning system and a credit card processing system, as long as a hacker can access a single point in the network, they can likely reach all the interconnected data.

“There is a data hub that handles all of those interconnections, and hackers can ride the trusted connections and pivot to other systems – it’s a very common practice,” Kennedy added. Avivah Litan, a fraud analyst with Gartner Inc., said although current Payment Card Industry standards do not require organizations to maintain separate networks for payment and non-payment operations, it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties — including vendor access for support or maintenance, reports Krebs. However, the Target system used by HVAC vendor did not have two-factor authentication. Sources said that between Nov. 15 and Nov. 28 (Thanksgiving and the day before Black Friday), the attackers succeeded in uploading their card-stealing malicious software to a small number of cash registers within Target stores. Those same sources said the attackers used this time to test that their point-of-sale malware was working as designed.

By the end of the month — just two days later — the intruders had pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions, investigators told this reporter. ac unit torontoTarget has said that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.window unit air exchanger So why give access to any third party vendors if malware can be inserted so easily? small space air conditioning unitsKrebs reported that Target, not unlike many organizations that have to heat and cool a large facility, allow vendors to remote into the system to do maintenance (updates, patches, etc.) or to troubleshoot glitches and connectivity issues with the software.

And rather than having one technical specialist per store, giving remote access allows one person to monitor several systems in multiple stores. It’s a cost saving decision that may end up costing Target hundreds of millions of dollars in bank reimbursements, fines, legal fees, and customer service costs. Follow Elizabeth Kreft (@elizabethakreft) on Twitter.Someone broke into a landscaping business and stole an undisclosed amount of cash. Police were called early Sept. 9 after the burglary was discovered at the Triple J’s Landscaping company at 3406 Rochester Road. Police said an intruder kicked open a rear door of the building to get inside the business. The money was taken from a desk drawer. A woman reported that someone tried to break into her house in the 1700 block of Harwood Avenue on Sept. 8. Police said she discovered that her rear door and door frame were damaged, but no one got inside her home, which is south of Lincoln near Campbell. The report comes after a rash of five home burglaries in the south end of the city happened between Aug. 25 and Sept. 3, most of them south of Lincoln.

The Sept. 3 burglary was reported in the 700 block of Gainsborough -- just north of Lincoln -- after someone stole a television, laptop, coins, jewelry, watches, a handgun and other items. Earlier burglaries were reported in the 900 block of Knowles, the 900 block of Owana, the 1200 block of South Campbell and the 900 block of Mohawk. In most of the burglaries someone forced open either a door wall or window while residents were away from their homes. Items stolen included computers, jewelry and cash. Cash stolen in cellphone sale meet-up Police are looking for a man who stole an undisclosed amount of cash from another man who thought he was buying three Apple iPhones from the culprit. The victim saw an ad for the sale of the three cellphones and arranged to meet the man posing as a seller Sept. 11 at the Emagine Theater, 200 N. Main Street. The buyer gave the other man cash for the phones but found when he opened the iPhone box it was empty. The other man immediately fled the theater and got into a green Chevy Camaro and drove off.

Police describe the man as black, 25-30 years old, 6 feet tall and was wearing black shorts and a black T-shirt with the letters “LG” on one of the sleeves. Air conditioning units were damaged at three businesses and one was stolen from a home. Three of the incidents were reported after the Labor Day weekend on Sept. 6 Air conditioning units were damaged at Know Advertising, 422 W. 11 Mile Road and Oakland Utilities at 712 W. 11 Mile Road, while an air conditioning unit was reported stolen from a residence in the 1800 block of East Fourth Street. A unit was also damaged at Sullivan & Sons Funeral Home on Sept. 2. 6-foot stuffed bear stolen from Pronto! A 6-foot tall stuffed toy bear was stolen from a window display at Pronto! Restaurant at 608 S. Washington Avenue. The light brown bear has a large head with a dark brown nose. It was stolen sometime after 11:30 p.m. Sept. 9 and discovered missing the next morning. Air compressor stolen from carA man discovered Sept. 11 that someone stole an air compressor from his Dodge Challenger and removed the lug nuts from all four tires on the vehicle.