http://www.darkreading.com/security/perimeter-security/231001898/enemy-at-the-loading-dock-defending-your-enterprise-from-threats-in-the-supply-chain.html By Robert Lemos Contributing Writer Dark Reading July 15, 2011 In mid-May, Lockheed Martin notified law enforcement and government authorities that one of its systems had been breached. The defense contractor later confirmed that attackers used information stolen from RSA, Lockheed's security technology provider, to gain access to Lockheed's system. RSA wasn't the only third party involved. The attackers first compromised the systems of an unnamed contractor with which Lockheed works and that had access to Lockheed systems, according to The New York Times. Then they used information obtained from the RSA breach--data on RSA's SecurID one-time password technology--to enter Lockheed's network via the compromised contractor's systems. Like Lockheed, which declined to comment on the RSA incident, many businesses are tying themselves closer together with contractors, partners, cloud service providers, and other third parties, giving attackers new entry points to those businesses' networks and data. Attackers aren't just on the prowl for vulnerable servers; they're also hunting for vulnerable contractors and suppliers. And their victims often know little about the security arrangements of those suppliers. [...] ___________________________________________________________ Attend Black Hat USA 2011, hosted at Caesars Palace in Las Vegas, Nevada July 30-Aug 4, offering over 60 training sessions and 9 tracks of Briefings from security industry elite. To sign up visit: http://www.blackhat.comReceived on Mon Jul 18 2011 - 00:36:04 PDT
This archive was generated by hypermail 2.2.0 : Mon Jul 18 2011 - 00:37:51 PDT