RSA compromise: Impacts on SecurID
On March 17, 2011, RSA announced that a cyberattack that they attributed to an ?Advanced Persistent Threat? resulted in the compromise and disclosure of information ?specifically related to RSA?s...
View ArticleCertificate Authorities for SSL/TLS: Crypto’s weak link
In the wake of Comodo?s announcement of a compromised [1] affiliate Registration Authority (RA) and their subsequent issuance of fraudulent certificates [2], the information security community has...
View ArticleImperva SecureSphere XSS and the nature of security-product vulnerabilities
Earlier today, Imperva publicly announced a vulnerability in their flagship SecureSphere WAF (Web Application Firewall). This issue was discovered by Sean Talbot of Dell SecureWorks and disclosed in a...
View ArticleRecent events cause re-assessment of SecurID integrity
On March 18, 2011, we blogged about a breach at RSA regarding the disclosure of unspecified sensitive materials related to SecurID. At the time, little information was made available as to the extent...
View ArticleTransitive trust and SSL certificate verification
On April 11, 2011, the Dell SecureWorks Counter Threat Unit (CTU) posted a blog entry titled 'Certificate Authorities for SSL/TLS: Crypto's weak link', which discussed some of the strains of the...
View ArticleU.S. Government Websites Abused in Ongoing Spam Campaign
The Dell SecureWorks Counter Threat Unit? (CTU) research team has become aware of an ongoing spam campaign abusing various .gov web properties to lure recipients to a home business scam. As part of the...
View ArticleSQL Slammer – 10 years later
Think back for a moment to 2003. You may recall the tragic Space Shuttle Columbia disaster, the creation of the Department of Homeland Security, or the growing hostilities in Iraq leading to Operation...
View Article
