News briefs: RSA to replace SecurID tokens, LulzSec goes on rampage
»Security giant RSA confirmed that hackers leveraged stolen information about its SecurID two-factor authentication offerings in a recent attack on U.S. defense contractor Lockheed Martin. RSA President Art Coviello said the company would offer other customers the option to replace SecurID tokens in light of the Lockheed breach. Meanwhile, Lockheed said the incident was thwarted and no assets compromised.
»On the heels of a string of successful infiltrations at PBS, Nintendo and Sony Pictures, a vigilante hacker collective, known as LulzSec, compromised the website of the Atlanta chapter of InfraGard, an FBI partner organization. The hacking group, whose tagline is “laughing at your security since 2011,” defaced the site and posted online the names, email addresses, usernames and cracked passwords of the site's 180 members. LulzSec said it targeted InfraGard, a public-private partnership that aims to share information about cyberthreats, in response to a report that the Obama administration was considering classifying hacking as an act of war. LulzSec has promised more attacks against others.
»New rogue anti-virus (AV) malware scams targeting Mac OS X have grown increasingly nefarious, leading to a significant uptick in infections. The malware – dubbed MacDefender, MacSecurity, MacProtector and MacGuard – aims to trick users into providing their credit card numbers to purchase phony AV products. Variants have been spreading since early May through poisoned Google image search results. The latest strains are able to install themselves automatically, without prompting for username and password.
»A bill introduced in the U.S. Senate would update a 25-year-old digital privacy law to require authorities to obtain a court-issued search warrant before retrieving a person's email and other content stored in the cloud. The proposed legislation, introduced by Sen. Patrick Leahy, D-Vt., would amend a 1986 law, the Electronic Communications Privacy Act (ECPA). The newly introduced ECPA Amendments Act requires authorities to obtain a search warrant before obtaining customer information from electronic communications or other providers.
»The Georgia Tech Research Institute (GTRI) is heading a five-year, $10 million U.S. Department of Homeland Security project to investigate cybersecurity methods and how they can benefit government. The program, called Homeland Open Security Technology, is aimed at identifying open-source approaches that can support federal security objectives while saving agencies money. As part of the program, GTRI researchers are reaching out to members of government, industry and academia to learn how such solutions have been successfully implemented and where challenges remain.
»While a vast majority of organizations have policies around mobile device use, risky behaviors are commonplace, according to a report from McAfee and Carnegie Mellon University. The study, which focused on the consumerization of IT and its impact on security, found that there is a “serious disconnect” between policy and reality in the enterprise mobile computing environment. A survey of more than 1,500 mobile device end-users and senior IT decision-makers found that 95 percent of organizations have mobile security policies in place.