134 matches found
RSA Says Lockheed Attack Not a New Threat to SecurID, But Will Replace Users' Tokens
In the wake of a string of attacks against high-profile users of RSA Security’s SecurID tokens including Lockheed Martin, the company has posted an open letter to its customers, trying to reassure them that the tokens are secure and that the attacks don’t represent a new threat to these businesse...
Report: L3 Warns Employees Of Attacks Using Compromised SecurID Tokens
Executives at U.S. defense contractor L-3 Communications warned employees in April about an attempt by unknown assailants to compromise the company’s network using forged SECURID tokens from RSA. The report, if accurate would be the second attack on a leading defense contractor with links back to...
Hackers broke into Lockheed Martin networks & U.S. defense contractors !
Unknown hackers have broken into the security networks of Lockheed Martin Corp and several other U.S. military contractors, a source with direct knowledge of the attacks told Reuters. They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys...
Report: Norwegian Military Hit by Cyber Attack in March
The Norwegian military has admitted it was hit by a “massive” phishing cyber attack in March, according to a report from Techworld.com. The attack began in an e-mail sent to select members of the defense ministry from what appeared to be another Norwegian government agency. An enclosed attachment...
Adobe Flash Bug Being Used in Attacks Via Word Documents
Adobe on Monday warned its customers about a new unpatched vulnerability in its Flash Player application. Officials say that the bug is being used in targeted attacks involving a malicious Flash file embedded in a Microsoft Word document. The Flash vulnerability affects users on Windows, Apple OS...
RSA: SecurID Attack Was Phishing Via an Excel Spreadsheet
RSA confirmed on Friday that the attack that compromised the company’s high-value SecurID product was essentially a small, targeted phishing campaign that included a payload of a malicious Flash object embedded in an Excel file. The much-discussed attack on RSA, which the company revealed last...
Paul Kocher on the RSA Attack
Dennis Fisher talks with Paul Kocher of Cryptography Research about the details of the attack on RSA, what the attackers might have stolen and what the compromise of the seed file for the SecurID tokens would mean for customers. Podcast audio courtesy of sykboy65 Subscribe to the Digital...
Back-End Software May Be Real Worry in RSA Attack
The attack on RSA that the company revealed last week raises a multitude of questions about the security of the company’s network and its own internal procedures. But the most important issues the RSA attack brings to the surface concern exactly what the attackers may have been after and what the...
RSA Warns Customers Of Targeted Attacks In Wake of Hack
RSA, the security division of EMC Corp. has warned customers to be on the lookout for targeted attacks, including suspicious messages and links sent over social media networks in the wake of a sophisticated attack that spilled confidential information about the workings of the company’s SecurID...
Greg Hoglund Discusses HBGary Mishap
Greg Hoglund, CTO of HBGary, admits that lackluster security played a central role in the breach that led to the release of some 50,000 company emails, but also disputes common understanding and reported details of the hack, going so far as to say there was actually no hack at all. In an intervie...
After hack, RSA Release Open Letter to RSA Customers !
Just now Top security firm RSA Security revealed by extremely sophisticated hack, Read complete Story here - Now, RSA Release Open Letter to RSA Customers, as given below : Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day...
Top security firm RSA Security revealed by extremely sophisticated hack !
Top security firm RSA Security revealed on Thursday that it's been the victim of an "extremely sophisticated" hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company's SecurID two-factor authentication products. SecurID ad...
RSA Hack Yields SecurID Secrets
RSA Security, a division of EMC Corp. has admitted that it was the victim of a sophisticated attack that resulted in the theft of secrets related to its SecurID two-factor authentication product. The disclosure came in a blog post by RSA chief Art Coviello on Thursday. Coviello said that the...
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...
Authentication flaw
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...
CVE-2010-3321
Summary: CVE-2010-3321 affects RSA Authentication Client 2.0.x, 3.0, and 3.5.x prior to 3.5.3 when used with RSA SecurID 800 authenticators. The secret key objects stored on the authenticator can be extracted due to the PKCS#11 objects being tagged as SENSITIVE and NON-EXTRACTABLE, which should p...
CVE-2010-3321
RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS11 API...
RSA Authentication Agent for Web Buffer Overflow (CVE-2005-1471)
The RSA Authentication Agent for Web for Internet Information Services IIS provides protection for selected web pages by securing them with the RSA SecurID authentication mechanism. When a user attempts to access a resource that is secured with the RSA SecurID, the RSA Agent authenticates the use...
RSA SecurID Cross Site Scripting
Title: RSA SecurID XSS Discovered 12-11-2008 Discovered By: s4squatch of SecureState R&D Team www.securestate.com Vendor Notified: 10-07-2009 Vendor Response: 10-08-2009 Version: Unknown -- DLL does not contain version, therefore vendor says it is outdated and not supported. POC:...
RSA SecurID XSS Vulnerability
Exploit for unknown platform in category web applications ============================= RSA SecurID XSS Vulnerability ============================= Discovered 12-11-2008 Discovered By: s4squatch of SecureState R&D Team www.securestate.com Vendor Notified: 10-07-2009 Vendor Response: 10-08-2009...