The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Search results for RSA hack

Top security firm RSA Security revealed by extremely sophisticated hack !

Top security firm RSA Security revealed by extremely sophisticated hack !

March 18, 2011Mohit Kumar
Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers,” RSA wrote on its blog, “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen thei
After hack, RSA Release Open Letter to RSA Customers !

After hack, RSA Release Open Letter to RSA Customers !

March 18, 2011Mohit Kumar
Just now Top security firm RSA Security revealed by extremely sophisticated hack, Read complete Story here - http://www.thehackernews.com/2011/03/top-security-firm-rsa-security-revealed.html Now, RSA Release Open Letter to RSA Customers , as given below : Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities. Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted
Its Fail 2011 - Year of Hacks !

Its Fail 2011 - Year of Hacks !

September 16, 2011Mohit Kumar
Its Fail 2011 - Year of Hacks ! According to IT security experts Year 2011 have labeled as the " Year of the Hack ” or “ #Fail 2011 ”. Hacking has become much easier over the years allowing hackers to hack into systems easier then ever before, which is why 2011 had a lot of hacking happen so far. Hackers are coming up with tools as well as finding new methods to hacking faster then companies can increase their security. Even, Every year is the year of the hacking as long as there are hackers out there ready to execute their malicious programs and attain their goals like gathering important information to the victim's computer, stealing important identities, credit card information, etc. This year 2011 could be another generation of hacking. Since every year there are always forward advancements of the tools and programs that could use by the hackers. The most important is to avoid them if you are a computer user. RSA Hack (3/17/2011) : Motive - Unknown attacker, alth
Inside Story : How RSA was got hacked !

Inside Story : How RSA was got hacked !

April 02, 2011Mohit Kumar
Inside Story : How RSA was got hacked ! The hack last month at RSA Security has been shrouded in mystery. How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders? The division of the EMC Corporation is staying mum about what exactly was stolen from its computer systems, aside from that is was data related to SecurID. But on Friday RSA shed some light on the nature of the attack. In a blog post titled “Anatomy of an Attack,” the company’s head of new technologies, Uri Rivner, described a three-stage operation that was similar to several other recent prominent attacks on technology companies, including a 2009 attack on Google that it said originated in China. In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two
There’s something “Human” to  Social Engineering !

There’s something “Human” to Social Engineering !

October 20, 2011Mohit Kumar
There’s something “ Human ” to  Social Engineering ! At the psychological skill of Social Engineering Social engineering is the human side of breaking into corporate or personal pc’s to gain information. Even companies that have an authentication process, firewalls, vpn’s and network monitoring software are subject to the skill of a good social engineer. In hacking we rely on our technical skill and in social engineering it is a game of getting your subject to tell you what you want to get into their system. Social engineering has been employed since the beginning of mankind, the art of trickery or deception for the purpose of information gathering, fraud, or in modern times, computer system access. In most cases today the social engineer never comes face to face with their target. In social engineering we exploit the attributes of the human decision making process known as “ cognitive biases .” That was the question asked by the Team of Social-engineer.org Gurus. Which tactic
Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !

Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !

March 27, 2011Mohit Kumar
Comodo Hacker - " Comodogate " Iranian hacker claims all internet is insecure Message By Comodo Hacker :  Hello I'm writing this to the world, so you'll know more about me.. At first I want to give some points, so you'll be sure I'm the hacker: I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco@mfpenco.com Their Comodo username/password was: user: gtadmin password: [trimmed] Their DB name was: globaltrust and instantsslcms GlobalTrust.it had a dll called TrustDLL.dll for handling Comodo requests, they had resellers and their url was: http://www.globaltrust.it/reseller_admin/ Enough said, huh? Yes, enough said, someone who should know already knows...Am I right Mr. Abdulhayoglu? Anyway, at first I should mention we have no relation to Iranian Cyber Army, we don't change DNSes, we  just hack and own. I see Comodo CEO and others wrote that it was a managed attack, it was a planned attack, a group of  cyber criminals did i
Chinese Hackers targeting American Drones under Operation Beebus

Chinese Hackers targeting American Drones under Operation Beebus

April 23, 2013Mohit Kumar
FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones . These attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems. Operation Beebus is an APT-style attack campaign targeting government agencies in the United States and India as well as numerous aerospace, defense, and telecom industry organizations. FireEye Labs has linked the attacks to the China-based Comment Group hacker collective (a prolific actor believed to be affiliated with the Chines government), and Operation Beebus. “ The set of targets cover all aspects of unmanned vehicles, land, air and sea, from research to design to manufacturing of the vehicles and their various subsystems. Other related malware have been discov
Chinese malware campaign 'Beebus' target US defense industries

Chinese malware campaign 'Beebus' target US defense industries

February 06, 2013Wang Wei
A Chinese malware campaign called ' Beebus ' specifically targeting the aerospace and defense industries has been uncovered by FireEye security researchers. Beebus is designed to steal information, and begins its infiltration, as so many attacks do, with spear-phishing emails. Operation Beebus very related to Operation Shady RAT and was first detected in April 2011. The attacks carried out by  spear phishing attack and drive-by downloads as a means of infecting end users. malicious Whitepapers or PDFs were mailed to targets and by using known flaws, malware was able install Trojan backdoors on vulnerable systems. The malware communicates with a remote command and control (CnC) server. FireEye discovered the attacks on some of its customers in the aerospace and defence last March and the Vulnerability in the Windows OS known as DLL search order hijacking was used to drops a DLL called ntshrui.DLL in the C:\Windows directory.  It has modules to capture system information l
Lessons to learn from the HBGary Federal hack !

Lessons to learn from the HBGary Federal hack !

February 16, 2011Mohit Kumar
The Anonymous attack on HBGary may have amused some who enjoyed the sight of a security firm left embarrassed and exposed, but it should send a shiver down the spine of any IT administrator responsible for securing their own company. Because can you honestly put your hand on your heart and say a hack like the one against HBGary couldn't happen at your organisation too? As Ars Technica explains, a weakness in a third-party CMS product used by HBGary's website allowed Anonymous hackers to steal passwords that employees used to update the webpages. Unfortunately they were passwords that weren't encrypted strongly enough, and were possible to crack with a rainbow-table based attack. Amongst those exposed were CEO Aaron Barr and COO Ted Vera. Worse still, it appears that Aaron Barr and Ted Vera were using the same passwords for their Twitter and LinkedIn accounts, and even for an account which administered the entire company's email. By exploiting software vulnerabilities,
How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room

February 16, 2016Swati Khandelwal
Air-gapped computers that are believed to be the most secure computers on the planet have become a regular target for researchers in recent years. Air-gap computers are one that are isolated from the Internet or any other computers that are connected to the Internet or external network, so hackers can’t remotely access their contents. But you need to think again before calling them ' Safe .' A team of security researchers from Tel Aviv University and Technion have discovered a new method to steal sensitive data from a target air-gapped computer located in another room. The team is the same group of researchers who had experimented a number of different methods to extract data from a computer. Last year, the team demonstrated how to extract secret decryption keys from computers using just a radio receiver and a piece of pita bread. In 2014, the team devised a special digitizer wristband that had the ability to extract the cryptographic key used to secu
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.