The attackers used a spear phishing campaign targeting RSA employees to gain access to the RSA network. They sent emails appearing to come from a job site with a malicious Excel spreadsheet attachment exploiting Flash vulnerabilities. This allowed the attackers to install backdoors and remote access tools on the network. They were then able to escalate privileges and extract encrypted password-protected files containing user SecurID tokens. The stolen data was suspected to be used in an attempted attack on Lockheed Martin, though their security measures detected the threat. In response, RSA improved security including issuing new SecurID tokens and launching incident response services.
Social Engineering - Are You Protecting Your Data Enough? JamRivera1
Social engineering is a growing industry. Even the biggest companies as well as technology-savvy individuals fall victim to social engineering attacks. This training deck will help you understand the different types of social engineering attacks and how to protect your assets and data.
Credits:
Photos - unsplash, pixabay, flaticons
Presentation by: Jam Rivera
This PPT helps you to present the topic Hacking at college level and professional level. If you need more please share an email rashed_ec2012@rediffmail.com
A keylogger can be either software or a hardware device, designed to surveil a user’s activity by tracing keystrokes.
https://how-to-remove.org/malware/keylogger/
Most of us are really fond of mobile and web applications in our day-to-day lives. They should be secure enough to handle security attacks. This deck focuses on web application security principles and discusses how the basic concepts of access control techniques support these applications.
What is the meaning of the term logic bomb? What are the features and examples of logic bomb malware? Finally, how to protect yourself from logic bombs?
What is Social Engineering? An illustrated presentation. Pratum
Social engineering relies profoundly on human interaction and often involves the misleading of employees into violating their organization’s security procedures. Humans are naturally helpful, but when it comes to protecting an organization’s security, being helpful to an outsider can do more harm than good.
These slides discuss social engineering, the most common attack methods, and the best means for defending against a social engineering attack.
For more helpful cyber security blog articles, visit www.integritysrc.com/blog.
In this presentation we have discussed different methodologies in password cracking: password brute force, social engineering attack, phishing attack, Windows login cracking, web login cracking, application password cracking, Gmail password and Facebook password extracting.
Panama Papers (leaks)? The Biggest Financial Leaks in History. Arslan Haider
What Panama Papers, Mossack Fonseca, offshore companies, tax havens, effect on Pakistan, effect on international economy and Mossack Fonseca reaction on Panama Papers.
View this webcast to learn how you can accelerate your security transformation from traditional SIEM to a unified platform for incident detection, investigation and advanced security analysis. Understand why organizations are moving to a true big data security platform where compliance is a byproduct of security, not the other way around. More via
http://bcove.me/d2e9wpd2
Panama Papers - The Biggest Financial Leak in History. Stinson
Heard about the Panama Paper leak but don't know what it is? Check out our quick summary for a run down of what's been going on.
Running head Assignment 1 Identifying Potential Malicious Attack.docx susanschei
Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
LaRonda McKay
Strayer University
Professor Robert Whale
CIS333 Fundamentals of Networking Security Systems
January 28, 2017
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities.
The company is not alone in its dependence upon networking technology, which is essential to remaining competitive in today's video game software marketplace. The connectivity introduced by networking and computer technologies also introduces an enormous number of vulnerabilities that can compromise the confidentiality, integrity, and availability of the company's information. However, for each vulnerability there are countermeasures that can be implemented against would-be intruders. Following are a series of vulnerability examples and countermeasure solutions that should be implemented by the company to avoid data loss and an information security incident.
Existing Network Vulnerabilities
Wireless WPS Vulnerabilities
WPA2 is the most current version of standards-based wireless network security to protect data confidentiality as it is transported over the wireless network. WPA2 includes major changes that address the shortcomings of both WPA and WEP. WPA2 includes the use of mandatory AES encryption, no longer supporting RC4 and TKIP. WPA2 also addresses most of the security issues that have been uncovered in WPA, so that wireless networks protected with WPA2 can be considered much more secure. However, as with all security measures, flaws are usually found and WPA2 is no different. Like WPA, the WPA2 implementation provides support for a feature called WPS or Wi-Fi Protected Setup, which is included to ease the setup and configuration of wireless network devices by leveraging a device-specific PIN for use in automatically configuring pass-phrases between the AP unit and wireless clients (Fitzpatrick, 2013). Unfortunately, this feature has a critical flaw: given time (up to 10 hours are required) and software such as the free-to-download “Reaver” tool, penetration of a WPA2-protected wireless network is trivial. Hence, if implementing a WPA2-protected wireless network, make sure that all wireless network AP units are capable of disabling the WPS feature prior to deployment (Fitzpatrick, 2013).
Wireless Network Confidentiality Vulnerabilities
Wireless network hackers use sniffer programs that contain additional, special “hacking” features designed to simplify the process of wireless network penetration. For example, the Airsnort wireless network sniffer is used by wireless hackers to sniff (capture) wireless network packets, collect those packets used in the authentication exchange between an AP and its client devices, and then crack the pass ...
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security have become increasingly important. There is a multitude of different applications, open source and proprietary, available for protection. For a system administrator, deciding on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through unflagged. A majority of methods currently used to ensure the quality of a network's service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. The minor objectives were to design a port scanner to determine potential threats and mitigation techniques to withstand these attacks, implement the system on a host, and run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: event correlation, log analysis, alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs.
In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
Cyber Security Department
Graduation Project (407422)
Project Title Here ….
Submitted By:
Student Name
Student ID
Name 1
Id1
Term:
Date:
Table of Contents
1. Introduction
2. Problem Statement
3. Background
4. Requirements and specification
4.1. User Groups
4.2. Functional Requirements
4.3. Non-Functional Requirements (NFRs)
5. System Design
5.1. Solution Concept
5.2. Proposed System Architecture
5.2.1 Alternative 1
5.2.2 Alternative 2
5.2.3 etc
5.2.4 Production and Staging Environments
5.3. Component Design
5.3.1 Hardware Components
5.3.2 Software Components
5.3.2.1 User Interface – Web client
5.3.2.2. Use Case Description
5.3.2.3. Back-End Database
4.4. Design Evaluation
6. Implementation
6.1 System Implemented Architecture
6.1.1. Tier Two – Application Server and Web-Server
6.1.1.1. The Web-Server
<<if needed>>
6.2 Access Levels
6.3 System Services or Functionalities
7. Testing, Analysis and Evaluation
7.1 Testing Methodology
7.2 System Analysis and Evaluation
7.3 Test Execution and Test Results
7.3.1 Integration Testing
7.3.2 Functional Testing
7.4 Examples on testing
7.4.1 Check password Strength
<< this might be an example of testing password strength>>
8. Issues, Engineering Tools and Standards
8.1. Issues
8.2. Engineering Tools and Standards
9. Teamwork
10. Conclusion
10.1. Conclusion
10.2. Future Work
Appendix A: Test Plan
Appendix B: Progress Report-Teamwork
Appendix C- Attachments and Source Code
References
List of Figures
Figure 5 Use-Case Diagram
Figure 7 High Level Implementation Architecture
Figure 14 Security Domains Access Levels
List of Tables
Table 1 User Groups
Table 2 Non Functional Requirements
Table 3 System Use Case Description
Table 4 Comparing On-Cloud and On-Site Options
Table 7 Team responsibilities, Contributions, and expertise
1. Introduction
Systems and workstations running Microsoft Windows that have not been patched against the vulnerability known as "Eternal Blue" are susceptible to having their data stolen. A vulnerability is a fault in a computer system that, when exploited, could compromise the device's or system's level of security (Ding, et al., 2019). After the security flaw has been exploited, the hacker will be able to steal information, which will result in a data breach. The vulnerability known as Eternal Blue targets the SMBv1 protocol used by Windows systems.
Techniques such as heap spraying and buffer overruns are used throughout the attack to gain access to systems and devices that run Windows operating systems. Notably, this vulnerability was exploited in the WannaCry ransomware attack of 2017, which encrypted victims' files and demanded a ransom to decrypt them. After it was initially launched, the attack would quickly spread to other systems, delivering co ...
Advanced Threats in the Enterprise: Finding an Evil in the Haystack. EMC
This white paper describes the current advanced threat landscape, shortcomings of anti-virus, and how RSA ECAT fills the gap and helps organizations detect advanced malware.
Include at least 250 words in your posting and at least 250 words in maribethy2y
Include at least 250 words in your posting and at least 250 words in your reply. Indicate at least one source or reference in your original post. Please see syllabus for details on submission requirements.
Module 1 Discussion Question
Search "scholar.google.com" for a company, school, or person that has been the target of a network
or system intrusion? What information was targeted? Was the attack successful? If so, what changes
were made to ensure that this vulnerability was controlled? If not, what mechanisms were in-place to protect against the intrusion.
Reply-1(Shravan)
Introduction:
Interruption location frameworks (IDSs) are programming or equipment frameworks that robotize the way toward observing the occasions happening in a PC framework or system, examining them for indications of security issues. As system assaults have expanded in number and seriousness in the course of recent years, interruption recognition frameworks have turned into an essential expansion to the security foundation of generally associations. This direction archive is planned as a preliminary in interruption recognition, created for the individuals who need to comprehend what security objectives interruption location components serve, how to choose and design interruption discovery frameworks for their particular framework and system situations, how to deal with the yield of interruption identification frameworks, and how to incorporate interruption recognition capacities with whatever remains of the authoritative security foundation. References to other data sources are likewise accommodated the peruse who requires particular or more point by point guidance on particular interruption identification issues.
In the most recent years there has been an expanding enthusiasm for the security of process control and SCADA frameworks. Moreover, ongoing PC assaults, for example, the Stunt worm, host appeared there are gatherings with the inspiration and assets to viably assault control frameworks.
While past work has proposed new security components for control frameworks, few of them have investigated new and in a general sense distinctive research issues for anchoring control frameworks when contrasted with anchoring conventional data innovation (IT) frameworks. Specifically, the complexity of new malware assaulting control frameworks - malware including zero-days assaults, rootkits made for control frameworks, and programming marked by confided in declaration specialists - has demonstrated that it is exceptionally hard to avert and identify these assaults dependent on IT framework data.
In this paper we demonstrate how, by joining information of the physical framework under control, we can distinguish PC assaults that change the conduct of the focused on control framework. By utilizing information of the physical framework we can center around the last goal of the assault, and not on the specific instruments of how vulnerabilities are misused, and how ...
Catch Me If You Can - Finding APTs in your network. DefCamp
Adrian Tudor & Leo Neagu in Bucharest, Romania on November 8-9th 2018 at DefCamp #9.
The videos and other presentations can be found on https://def.camp/archive
Exploring the Social Engineering Toolkit (Set) Using Backtrack 5R3. IJERA Editor
The Linux operating system is revered by many professionals because of its versatile nature. As many network security professionals, particularly ethical hackers, use Linux extensively, did we ever observe how and why the number of hackers is increasing day to day? Not only professionals; everyone is unleashing their hacking potential with the help of the Backtrack5R3 operating system, which is a comprehensive toolkit for security auditing. This paper emphasizes the so-called SET (Social Engineering Toolkit). In a pen-testing scenario, alongside uncovering vulnerabilities in the hardware and software systems and exploiting them, the most effective of all is penetrating the human mind to extract the desired information. Such devious techniques are known as social engineering, and computer-based software tools to facilitate this form the basis of the Social Engineering Toolkit.
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading. Muhammad FAHAD
The “cyber kill chain” is a sequence of stages required for an
attacker to successfully infiltrate a network and exfiltrate data
from it. Each stage demonstrates a specific goal along the attacker’s
path. Designing your monitoring and response plan around the cyber kill chain model is an effective method because it focuses on
how actual attacks happen.
Final Project – Incident Response Exercise SAMPLE.docx lmelaine
Final Project – Incident Response Exercise
SAMPLE
1. Contact Information for the Incident Reporter and Handler
– Mruga Patel
– Cyber Incident Response Team Lead
– Organizational Information - Sifers-Grayson Corporation (Blue Team), Information Technology Department
– [email protected]
– 410-923-9221
– Location - 100 Fairway Ave, Suite 101, Catonsville, MD 21228
2. Incident Details
– The attack occurred during off-hours at 22:00 EST. Incident was discovered when the system became unusable due to high volume traffic from an unauthorized IP Address. The incident ended at approximately 22:45 EST.
– Catonsville, MD
– Attack has ended
– The attack occurred from an IP address of 11.125.22.198 with no host name. The cause of the incident has yet to be determined.
– The attack was discovered when the system became unusable due to high levels of latency. It was detected using logging information from a server from the Task Manager.
– The system remains unaffected. Only data was stolen from our company. The server which was extracted from the Employee server. IP address- 192.168.1.0, hostname SifersHouston.com.
– N/A
– The system resumed normal function after the attack occurred.
– Data stolen was from the server containing employee information.
– Network was turned off once attack was discovered. The system logged all necessary information for forensic evidence.
– N/A
3. Cause of Incident was an unsecured network which was used to steal company information.
4. The cost of the incident has yet to be determined. PII stolen has no calculated price. However, estimated person hours are about 200. It would cost around $100 per hour for IT staff to perform “clean-up” activities. As of now it would cost around $20,000.00.
5. The impact of the incident is significant. The necessary measures to combat this problem have yet to be determined.
6. General Comments- Our network poses a lot of security risks. Going forward, we need to implement certain security measures to keep further incidents from taking place.
Background
The Sifers-Grayson company has hired an outside organization to penetrate our network and report on vulnerabilities found within the network. Upon penetration testing and weeks of trying to exploit our system, the red team (testing team) has been successful. Holding a government contract, the Department of Defense (DoD) requires additional security requirements for the R&D and SCADA lab operations. Both of which hold classified and secret information and happen to be where the red team was able to exploit.
The company is now required to use the NIST publications for protecting controlled unclassified information in nonfederal information systems and organizations. Failure to comply can result in fines and even contract termination. The Defense Federal Acquisition Regulations (DFARS) also outline the safeguarding of Cyber Security Incident Reporting. Fortunately, identifying these risks before hacke ...
System hacking is the way hackers get access to individual computers on a network. ... This course explains the main methods of system hacking—password cracking, privilege escalation, spyware installation, and keylogging—and the countermeasures IT security professionals can take to fight these attacks.
Kunal Sharma IST-323: Case Study – RSA Phishing and APT Attack
IST-323
In the modern-day business world that integrates computer networks into their operations
more than ever before, attackers can use various methods to gain access to information systems.
RSA Security LLC, an American computer and network security corporation, has many
databases that require optimum network security, including cryptography libraries and the
employees’ user SecurID tokens. In 2011, these tokens acted as a two-factor authentication
method for employees, by requiring users to enter a “secret code number displayed on a key fob,
or in software” (Zetter), in addition to their username and password. This number was
cryptographically generated and changed every 30 seconds, adding an extra layer of security.
However, each token had a serial number on it to make it unique, and if an attacker were able to
compromise the system, they could obtain the individual user information (Zetter). These
network aspects can introduce various liabilities (especially when they rely on the defenses of
supplemental end-user software like Adobe Flash [“RSA FraudAction Research Labs”] when
employees are browsing the internet on one of the network clients), and the RSA network did
suffer a successful attack by remote hackers on March 3rd, 2011.
The attackers used phishing to gain end-user pertinent information, then proceeded to hack
into the RSA network using an APT attack. In an APT attack, a group of hackers are a threat due
to the resources at their disposal and their persistence to get what they want. They have
techniques to gather information about their target, and have an objective as to how they want to
compromise their target and subsequently extract the information they want. The first step the
attackers took when approaching this was to gather any publicly available information about
specific employees, such as e-mail addresses and social media sites, so they could set up a social
engineering manipulation technique. Once they had gathered the e-mails of 4 workers that
weren’t particularly high-profile at the RSA’s parent company EMC (Zetter), the attackers sent
them two [target-based content] spear phishing e-mails that read “2011 Recruitment plan” in the
subject line and appeared to come from a “web master” at a job-seeking site called Beyond.com
(Zetter). The email was able to coerce one of the employees to access it from the junk mail and
open the Excel spreadsheet attachment titled, “2011 Recruitment plan.xls”. This spreadsheet
contained a new platform of a zero-day attack (a bug in an application is found by the attacker,
and the vendor of that software has not implemented the necessary patches to fix it), which was a
technique called a “hybrid document exploit”, and Microsoft Office security patches were not
able to protect the system against it (Pan and Tsai). The document can be embedded in an object
of another application, and the end user would not be aware of the underlying threat within what
appears to be a simple e-mail. However, because individual applications are sandboxed, the
attacker had to gain remote access to the client. The exploit was a two-step attack that used the
Flash vulnerability on the end-user application (on the Authplay.dll component) and repacked it
into the document exploit. Then, a control-flow hijack allowed the hacker to enter arbitrary code
into the memory. Now, why would the attackers use Excel as the document exploit as opposed to
a PDF file or a webpage? This was due to the Data Execution Prevention (DEP) security feature
for operating systems. Usually, DEP would only allow codes to run if those codes were already
instilled into the software, but with the Flash bug, the hacker was able to make arbitrary code
that appeared as logically instilled code to the DEP. Due to the Flash bug, the code did not
appear as excess data area execution instructions (Pan and Tsai).
Now that the hacker had gained privileges to enter codes, they proceeded to set up a
backdoor. This allowed them to install a remote access tool (RAT) known as Poison Ivy, and
then to set it up in reverse-connect mode, so they could obtain commands from the server of that
client. With the RAT installed in this fashion, the attacker was more difficult to detect than if it
wasn’t installed that way. Then, the hacker started to move laterally through the network,
searching for users with more access and higher administrative privileges. By not diagnosing the
threat immediately, the RSA network allowed the hacker to indulge in this shoulder surfing
activity for sufficient enough time to map the network and locate a high-end user. By using
privilege escalation, the attacker was able to gain access to the accounts of server administrators.
Then, they moved data from the servers of interest to internal staging servers, where the data was
collected, compressed, and encrypted for extraction. The hackers then used FTP to transfer
password-protected RAR files (including the key data which was the roughly 40 million user
SecurID tokens) to an external, compromised host server, and extracted the files from there to
avoid any traces of the attack. All of these actions were not recognized as external by the
network security system because of the remote high-end privileges the attackers had gained
(“RSA FraudAction Research Labs”). Finally, the information the attackers obtained was
suspected to have been used to launch an attack on Lockheed Martin, a US Defense contracting
corporation that was a vital customer of the RSA. However, the company had a strong security
system that used its accounting prowess to detect abnormal activity within the intranet. The
company then launched its “Cyber Kill Chain” framework that “barricaded” any attempts to
access data within the network (Higgins). “The same day that Lockheed Martin detected the
attack, all remote access for employees was disabled, and the company told all telecommuters to
work from company offices for at least a week” (Higgins). Later on that week, the company
informed all remote workers that they'd receive new RSA SecurID tokens and told all workers to
reset their network passwords. As this specific attack attempt indicates, companies must protect
their information systems and minimize risk, because otherwise serious valuable data can be
extracted for malicious use (Kemshall).
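The staging and exfiltration steps described above (data pulled from several servers onto one internal staging host, packed into RAR archives, then sent out over FTP) can be turned into a correlation rule. The following is an added example, not code from the case study or from RSA; the log format, addresses, thresholds and file names are constructed assumptions.

```python
"""Correlate internal staging with outbound FTP of RAR archives (illustrative)."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example, not values from the case study:
INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # monitored address space
MIN_SOURCES = 2                              # distinct internal servers feeding one host
MIN_STAGED_BYTES = 500 * 1024 * 1024         # inbound volume that counts as staging
WINDOW = timedelta(hours=24)                 # look-back from the outbound transfer
ARCHIVE_EXT = (".rar",)                      # archive type named in the case study

# Constructed log lines: timestamp src dst service bytes filename
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.3.7 198.51.100.8 ftp 1048576 report.pdf
2024-01-10T10:00:00 10.0.9.11 10.0.7.30 smb 734003200 -
2024-01-10T20:10:00 10.0.9.11 10.0.5.20 smb 314572800 -
2024-01-10T20:25:00 10.0.9.12 10.0.5.20 smb 419430400 -
2024-01-10T21:40:00 10.0.5.20 203.0.113.50 ftp 201326592 part1.rar
2024-01-10T21:55:00 10.0.5.20 203.0.113.50 ftp 198180864 part2.rar
"""


def is_internal(addr):
    """True when addr belongs to one of the monitored internal networks."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse(log):
    """Turn the constructed six-field log format into time-ordered event dicts."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip blank or malformed lines instead of failing
        ts, src, dst, service, nbytes, name = parts
        events.append({
            "ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "service": service, "bytes": int(nbytes), "name": name,
        })
    return sorted(events, key=lambda e: e["ts"])


def find_staged_exfil(events):
    """Alert on outbound FTP of an archive from a host that was recently
    fed large volumes by several different internal servers."""
    inbound = defaultdict(list)  # internal host -> internal transfers it received
    alerts = []
    for ev in events:
        src_in, dst_in = is_internal(ev["src"]), is_internal(ev["dst"])
        if src_in and dst_in:
            inbound[ev["dst"]].append(ev)
            continue
        outbound_archive = (
            src_in and not dst_in and ev["service"] == "ftp"
            and ev["name"].lower().endswith(ARCHIVE_EXT)
        )
        if not outbound_archive:
            continue
        # Only internal transfers inside the look-back window count as staging.
        recent = [e for e in inbound[ev["src"]]
                  if timedelta(0) <= ev["ts"] - e["ts"] <= WINDOW]
        sources = sorted({e["src"] for e in recent})
        staged = sum(e["bytes"] for e in recent)
        if len(sources) >= MIN_SOURCES and staged >= MIN_STAGED_BYTES:
            alerts.append({
                "host": ev["src"], "external": ev["dst"], "file": ev["name"],
                "sources": sources, "staged_bytes": staged,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_staged_exfil(parse(SAMPLE_LOG)):
        print(alert)
```

The single-source 700 MiB copy to 10.0.7.30 and the outbound PDF do not alert; only the host that both aggregated data from two servers and then pushed RAR files to an external address does.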
As for the main portion of the entire attack sequence, which was the infiltration into the RSA
network, the first step of response taken was by Adobe; the Flash player company released a
patch for the zero-day that prevented any injection of malware (Keiser). The RSA then re-issued
free SecurID tokens to all of its customers and proceeded to harden its security software. Then,
the RSA took its most important action that was influenced by the APT attack. It launched its
Advanced Cyber Defense (ACD) Services, which has incident response and breach readiness
services designed to rapidly assist an organization during an incident or breach, as well as
implement new preventative measures to minimize the risk of a successful attack (“EMC Press
Release”). Finally, a test was conducted for the most advanced attack, a “new side-channel
attack”, on the RSA (Finke, Gebhardt, Schindler). The probability was only 10-15 percent.
BIBLIOGRAPHY
Pan, Ming-Chieh and Tsai, Sung-Ting. (August 2011). Weapons of Targeted Attack. Blackhat Presentation. Retrieved from: https://media.blackhat.com/bh-us-11/Tsai/BH_US_11_TsaiPan_Weapons_Targeted_Attack_Slides.pdf
Kemshall, Andy. (22 May 2012). Analyzing the RSA Security Breach. Tmcnet.com. Retrieved from: http://www.tmcnet.com/voip/departments/articles/291353-analyzing-rsa-security-breach.htm
Zetter, Kim. (26 August 2011). Researchers Uncover RSA Phishing Attack, Hiding In Plain Sight. Wired. Retrieved from: http://www.wired.com/threatlevel/2011/08/how-rsa-got-hacked/
Anatomy of an Attack. (1 April 2011). RSA FraudAction Research Labs Blog Post. Retrieved from: https://blogs.rsa.com/anatomy-of-an-attack/ (2/10/14)
Keiser, Gregg. (14 March 2011). Hackers exploit Flash zero-day, Adobe confirms. Computerworld.com. Retrieved from: http://www.computerworld.com/s/article/9214521/Hackers_exploit_Flash_zero_day_Adobe_confirms
Higgins, Kelly Jackson. (12 February 2013). How Lockheed Martin’s ‘Kill Chain’ Stopped SecurID Attack. Darkreading.com. Retrieved from: http://www.darkreading.com/attacks-breaches/how-lockheed-martins-kill-chain-stopped/240148399
RSA Launches Incident Response and Breach Readiness Services to Help Customers Turn the Tide on Advanced Threats. (19 September 2012). EMC Press Release. Retrieved from: http://www.emc.com/about/news/press/2012/20120919-01.htm
Thomas Finke, Max Gebhardt, Werner Schindler. (1 September 2009). A New Side-Channel Attack on RSA Prime Generation. Iacr.org. Retrieved from: http://www.iacr.org/archive/ches2009/57470141/57470141.pdf