Monday, April 4, 2011
The world’s biggest email service provider, Epsilon, has suffered a serious security breach that compromised the customer lists and email addresses of some high-profile companies. Epsilon sends 40 billion email messages a year on behalf of customers like Kroger, TiVo, US Bank, JP Morgan Chase, Capital One, Citi, and others. SecurityWeek is maintaining a list of affected companies on its website.
What does this mean?
There will be more spam to the compromised addresses. We can also expect a significant uptick in targeted phishing attacks, especially for the financial service companies’ customers.
Epsilon’s customers, and the financial companies in particular, may be demanding swift action from law enforcement. End users should assume the cat is out of the bag and react accordingly. According to RKON Network Security Consultant Michael Atkinson, “Any email purporting to come from one of the companies whose customer email addresses were compromised should be viewed with caution, if not outright suspicion. Emphasize to your end users that they should not call any phone numbers, follow any links, or respond to any such email. Instead, they should go directly to the company’s log-on page or call them using the number on the back of your card.”
Contact RKON for further information.
Monday, March 28, 2011
In addition to the cyber attack targeting RSA, PHP.net, Comodo, MySQL.com, and Sun.com have all been compromised in the last two weeks. MySQL.com was compromised by a blind SQL injection. To learn more, read these articles at MySQL.com or InfoWorld.com.
According to RKON Senior Security Architect Chris Serafin, “these attacks against high-profile targets are indicative of how the threat environment continues to change and evolve.” Contact RKON today to learn how our security services and vulnerability testing can help protect your organization from these threats.
Friday, March 18, 2011
RSA reported that their security systems identified an extremely sophisticated cyber attack being mounted against them. They are taking a variety of aggressive measures against the threat to protect their business and their customers. At this time, they have no evidence showing that customer security related to RSA products has been impacted.
According to RKON Network Security Consultant Michael Atkinson, “In order to successfully defeat SecurID without physical possession of a token, an attacker would need to have RSA’s algorithm, the random ‘seed’ used by a specific token, the username associated with that token, the user’s PIN, and the correct time. To the best of my knowledge, RSA has not stated what information was compromised, but in the worst case scenario where the attackers had the algorithm and the seeds for each of your tokens, they still would not have the correct username and PIN associated with each token. That information is not in RSA’s possession and could not have been compromised by the reported attack.”
RKON will stay on top of this issue and inform you of any news. For more information visit the RSA website or contact RKON.