#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for RSA hack | Breaking Cybersecurity News | The Hacker News

Top security firm RSA Security revealed by extremely sophisticated hack !

Top security firm RSA Security revealed by extremely sophisticated hack !

Mar 18, 2011
Top security firm RSA Security revealed on Thursday that it's been the victim of an "extremely sophisticated" hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company's SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds. "While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers," RSA wrote on its blog, "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen thei
After hack, RSA Release Open Letter to RSA Customers !

After hack, RSA Release Open Letter to RSA Customers !

Mar 18, 2011
Just now Top security firm RSA Security revealed by extremely sophisticated hack, Read complete Story here - https://www.thehackernews.com/2011/03/top-security-firm-rsa-security-revealed.html Now, RSA Release Open Letter to RSA Customers , as given below : Like any large company, EMC experiences and successfully repels multiple cyber attacks on its IT infrastructure every day. Recently, our security systems identified an extremely sophisticated cyber attack in progress being mounted against RSA. We took a variety of aggressive measures against the threat to protect our business and our customers, including further hardening of our IT infrastructure. We also immediately began an extensive investigation of the attack and are working closely with the appropriate authorities. Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat (APT). Our investigation also revealed that the attack resulted in certain information being extracted
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
Its Fail 2011 - Year of Hacks !

Its Fail 2011 - Year of Hacks !

Sep 16, 2011
Its Fail 2011 - Year of Hacks ! According to IT security experts Year 2011 have labeled as the " Year of the Hack " or " #Fail 2011 ". Hacking has become much easier over the years allowing hackers to hack into systems easier then ever before, which is why 2011 had a lot of hacking happen so far. Hackers are coming up with tools as well as finding new methods to hacking faster then companies can increase their security. Even, Every year is the year of the hacking as long as there are hackers out there ready to execute their malicious programs and attain their goals like gathering important information to the victim's computer, stealing important identities, credit card information, etc. This year 2011 could be another generation of hacking. Since every year there are always forward advancements of the tools and programs that could use by the hackers. The most important is to avoid them if you are a computer user. RSA Hack (3/17/2011) : Motive - Unknown attacker, alth
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Inside Story : How RSA was got hacked !

Inside Story : How RSA was got hacked !

Apr 02, 2011
Inside Story : How RSA was got hacked ! The hack last month at RSA Security has been shrouded in mystery. How did a hacker manage to infiltrate one of the world's top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders? The division of the EMC Corporation is staying mum about what exactly was stolen from its computer systems, aside from that is was data related to SecurID. But on Friday RSA shed some light on the nature of the attack. In a blog post titled "Anatomy of an Attack," the company's head of new technologies, Uri Rivner, described a three-stage operation that was similar to several other recent prominent attacks on technology companies, including a 2009 attack on Google that it said originated in China. In the attack on RSA, the attacker sent "phishing" e-mails with the subject line "2011 Recruitment Plan" to two
There’s something “Human” to Social Engineering !

There's something "Human" to Social Engineering !

Oct 20, 2011
There's something " Human " to  Social Engineering ! At the psychological skill of Social Engineering Social engineering is the human side of breaking into corporate or personal pc's to gain information. Even companies that have an authentication process, firewalls, vpn's and network monitoring software are subject to the skill of a good social engineer. In hacking we rely on our technical skill and in social engineering it is a game of getting your subject to tell you what you want to get into their system. Social engineering has been employed since the beginning of mankind, the art of trickery or deception for the purpose of information gathering, fraud, or in modern times, computer system access. In most cases today the social engineer never comes face to face with their target. In social engineering we exploit the attributes of the human decision making process known as " cognitive biases ." That was the question asked by the Team of Social-engineer.org Gurus. Which tactic
Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !

Comodo Hacker - "Comodogate" Iranian hacker claims all internet is insecure !

Mar 27, 2011
Comodo Hacker - " Comodogate " Iranian hacker claims all internet is insecure Message By Comodo Hacker :  Hello I'm writing this to the world, so you'll know more about me.. At first I want to give some points, so you'll be sure I'm the hacker: I hacked Comodo from InstantSSL.it, their CEO's e-mail address mfpenco@mfpenco.com Their Comodo username/password was: user: gtadmin password: [trimmed] Their DB name was: globaltrust and instantsslcms GlobalTrust.it had a dll called TrustDLL.dll for handling Comodo requests, they had resellers and their url was: https://www.globaltrust.it/reseller_admin/ Enough said, huh? Yes, enough said, someone who should know already knows...Am I right Mr. Abdulhayoglu? Anyway, at first I should mention we have no relation to Iranian Cyber Army, we don't change DNSes, we  just hack and own. I see Comodo CEO and others wrote that it was a managed attack, it was a planned attack, a group of  cyber criminals did i
Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels

Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels

Apr 06, 2023 SCADA / Network Security
Critical infrastructure attacks are a preferred target for cyber criminals. Here's why and what's being done to protect them. What is Critical Infrastructure and Why is It Attacked? Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned. According to Etay Maor, Senior Director Security Strategy at  Cato Networks , "It's interesting to note critical infrastructure doesn't necessarily have to be power plants or electricity. A nation's monetary system or even a global monetary system can be and should be considered a critical infrastructure as well." These qualities make critical infrastructure a preferred target for cyber attacks. If critical infrastructure is disrupted, the impact is significant. In some cases, such cyber attacks on critical infrastructure have become another means of modern warfare. But unlike
Chinese Hackers targeting American Drones under Operation Beebus

Chinese Hackers targeting American Drones under Operation Beebus

Apr 23, 2013
FireEye experts have been tracking the Operation Beebus campaign for a few months now, and new same gang of hackers are being blamed for a set of recently discovered spear-phishing attacks that aim to steal information related to American drones . These attacks exploited previously discovered vulnerabilities via document files delivered by email in order to plant a previously unknown backdoor onto victim systems. Operation Beebus is an APT-style attack campaign targeting government agencies in the United States and India as well as numerous aerospace, defense, and telecom industry organizations. FireEye Labs has linked the attacks to the China-based Comment Group hacker collective (a prolific actor believed to be affiliated with the Chines government), and Operation Beebus. " The set of targets cover all aspects of unmanned vehicles, land, air and sea, from research to design to manufacturing of the vehicles and their various subsystems. Other related malware have been discov
Lessons to learn from the HBGary Federal hack !

Lessons to learn from the HBGary Federal hack !

Feb 16, 2011
The Anonymous attack on HBGary may have amused some who enjoyed the sight of a security firm left embarrassed and exposed, but it should send a shiver down the spine of any IT administrator responsible for securing their own company. Because can you honestly put your hand on your heart and say a hack like the one against HBGary couldn't happen at your organisation too? As Ars Technica explains, a weakness in a third-party CMS product used by HBGary's website allowed Anonymous hackers to steal passwords that employees used to update the webpages. Unfortunately they were passwords that weren't encrypted strongly enough, and were possible to crack with a rainbow-table based attack. Amongst those exposed were CEO Aaron Barr and COO Ted Vera. Worse still, it appears that Aaron Barr and Ted Vera were using the same passwords for their Twitter and LinkedIn accounts, and even for an account which administered the entire company's email. By exploiting software vulnerabilities,
Cybersecurity Resources