12 Oct 11. The theft of data about RSA Security tokens that was used in an attempted hack of a major U.S. defense contractor was carried out by two groups of hackers working for a nation-state, RSA executives say. Speaking at the company’s European conference in London, RSA executive Chairman Art Coviello said the company has not been able to identify the nation behind it, but that, “we are very confident, with the skill and the degree and the resource behind the attack, that it could only have been perpetrated by a nation-state,” reported ZDNet UK. Coviello said the different methods used in the attacks indicated two groups, working in tandem, were involved, ZDNet UK reported. RSA in March reported the breach, which it said was a result of an “extremely sophisticated” attack to gain information from the company’s SecurID authentication tokens. In June, RSA confirmed that information from the breach was used in a failed attack in May on Lockheed Martin. Cyberattacks against defense contractors L3 Communications and Northrop Grumman also were reported in May, but RSA has said only Lockheed Martin had been attacked as a result of the SecurID breach. The attackers reportedly used phishing techniques on RSA employees to get them to click on a link that delivered a zero-day exploit, then quietly collected information on SecurID, which is used by many banks and other large organizations, such as defense contractors, to authenticate employees. Researchers at F-Secure said in August the malware may have been contained in an Excel spreadsheet that arrived with a recruitment plan e-mail, PC World reported. That information, believed to be about the seed numbers used by an algorithm to generate one-time passcodes on the token, was then used in the attack on Lockheed. Passcodes are used with a user’s log-in ID and personal identification code for network access. (Source: GCN)
03 Oct 11. Kicking off National Cyber Security Awareness Month. Today’s modern world is more interconnected than ever before. Everything from online shopping to social networking to providing basic utilities requires the reliability and security of the Internet. While increased interconnectivity has plenty of advantages, it has also increased the risk of theft, fraud, and abuse to individuals, businesses, communities, and governments. That’s why cybersecurity is a shared responsibility, and each of us has a role to play. Emerging cyber threats require the engagement of our entire society including government and law enforcement, the private sector, and members of the public. Today, President Obama issued a presidential proclamation announcing the eighth annual National Cybersecurity Awareness Month (NCSAM), which has been recognized by state and local governments, as well as industry and academia. Every October, we take the opportunity to engage public and private sector stakeholders, as well as the general public, to promote a safe, secure, and resilient cyber environment. This month is also the first anniversary of the Department’s Stop.Think.Connect.™ Campaign, an ongoing national public awareness effort to engage and challenge Americans to join practice and promote safe online practices.
Individuals and business can follow a few simple steps to keep themselves, their identities, and information safe online:
Set strong passwords, and don’t share them with anyone.
Keep your operating system, browser, and other critical software optimized by installing updates.
Maintain an open dialogue with your children about Internet safety.
Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.
Be cautious about what you receive or read online – if it sounds too good to be true, it probably is. (Source: Google)
12 Oct 11. Raytheon Company announced that its Cyber Operations Training has been added to the company’s General Services Administration (GSA) Schedule 70 contract. Federal, state, local and