Posted on August 26, 2011 by Josh Arrington
What could 43,000 Yale graduates, the Securities and Exchange Commission, the Maine voter registration system and RSA possibly have in common? Their data has all been tampered with. In this week’s IT security rewind we’ll reveal the email that took down RSA, review this week’s noteworthy data breaches and question the SEC’s involvement in data destruction associated with the Berni Madoff case. What a week!
Dear RSA, “I forward this file to you for review. Please open and view it.” – It’s been a rough week for RSA, as researchers at F-Secure believe that this email carrying an infected Excel sheet may be the sole cause of the major phishing breach that tainted the company’s reputation. According to IDG, “The e-mail was sent on March 3 and uploaded to VirusTotal, a free service used to scan suspicious messages, on March 19, two days after RSA went public with the news that it had been hacked in one of the worst security breaches ever.”
Mainers and Yale Grads Beware! Since the beginning of the “IT Security Rewind,” we have yet to go a week without some sort of publicized data breach, and this week is no different. This Tuesday, Yale University notified about 43,000 faculty, staff, students and alumni that their names and Social Security numbers were publicly available via Google search for about 10 months. What’s interesting about this breach is that a File Transfer Protocol (FTP) server on which the data was stored became searchable via Google as the result of a change the search engine giant made last September.
The very next day, voters in the state of Maine were notified that a CVS-linked computer in one of the town offices was infected with data-stealing malware.
The Berni Saga won’t end – and this week data surrounding the case takes center stage as the Securities and Exchange Commission (SEC) has been accused of destroying thousands of data files on high profile inquiries including an early-stage investigation into Berni Madoff. Whether or not privileged access played a role in this possible tampering is unclear, however according to CSO Online, “Senator Chuck Grassley, the senior Republican on the Senate Judiciary committee, said the data that the SEC is alleged to have destroyed – between 1993 and 2010 – also concerned investigations into alleged insider trading at Deutsche Bank, SAC Capital and collapsed bank Lehman Brothers; as well as into corporate practices during Goldman Sachs’ trading of complex products with insurer AIG.”
Can you handle the security drama? Let us know your thoughts on this week’s events below…
Grossly Underestimating the Privileged Account Security Problem Part 3: Automating Privileged Account Management and Cyber-Ark DNA™ (Discovery & Audit)
Posted on May 16, 2013
Grossly Underestimating the Privileged Account Security Problem Part 2: Defining Privilege with Cyber-Ark CMO, John Worrall
Posted on May 9, 2013
Posted on May 8, 2013
Posted on May 6, 2013
Posted on May 3, 2013
AP Hack & Social Media Accounts – Another Great Example of the Danger of Shared, “Privileged” Accounts
Posted on April 25, 2013
Posted on April 1, 2013
Posted on February 22, 2013
Copyright 2013 Cyber-Ark Software - All Rights Reserved