Phishy HTML pages get past spam filters, and users of RSA's SecurID two-factor authentication products come up with new ways to monitor threats and take preventive steps in the aftermath of a hacker attack against RSA.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
Phishing represented more than half of the 107,439 cyber incidents compiled by the U.S.-CERT for fiscal year 2010 from federal, state and local governments, commercial enterprises, American citizens and foreign CERT teams.
"In this future, cyber devices have innate capabilities that enable them to work together to anticipate and prevent cyber attacks and recover to a trusted state," says DHS Deputy Undersecretary Philip Reitinger.
Users of RSA's SecurID two-factor authentication products, acting on advice from the company, are devising strategies to monitor for threats and take preventive steps in the aftermath of a hacker attack against the products.
In the wake of Japan's devastating earthquake and subsequent tsunami, business continuity plans are being tested, and organizations must prepare for aftershocks of all kinds.
Auditors find that the SEC's IT office documented and incorporated National Institute of Standards and Technology patch requirements in its policies and procedures but that guidance wasn't always followed.
RSA executives haven't been commenting publicly since the security solutions vendor revealed last week it had been victimized by a sophisticated cyberattack aimed at its SecurID two-factor authentication product. But weeks before the hack, I spoke with RSA Chief Technology Officer Bret Hartman about advanced...
"In a natural disaster of this impact, you do not think of saving an organization first, but you think of securing the people stranded there," says AnneMarie Staley, director of global business continuity management at the New York Stock Exchange.
Phishy HTML pages e-mailed as attachments get past spam filters because the messages themselves contain no overt URLs to scan and catch, says online security expert Neil Schwartzman. "It's almost unsophisticated, but it's clever."
RSA has sent a detailed letter to its clients regarding the recent attack against its SecurID two-factor authentication products. It's also hosting customer information calls this week.
As part of its outreach to customers in the wake of the SecurID breach, security solutions vendor RSA has issued a Customer FAQ. Here is an excerpt of that document, as shared with Information Security Media Group by RSA customers.
Marcus Ranum isn't just a well-regarded information security expert. He's also a customer of the RSA SecurID product, and he's got some strong feelings about the RSA breach and how the industry has responded to it.
Fraud, risk management emerging technologies -- these issues know no boundaries. That's why we're launching a series of new international BankInfoSecurity sites to draw proper attention to local issues that impact the global banking industry.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.