RSA Breach Blamed on Older Version of Windows

Bank technology

RSA's Data Breach Didn't Scare Banks Away from Its Security Tokens

Months after a phishing attack struck RSA Security's passcode-generating tokens and thus exposed the nation's leading banks to security threats this spring, more than a third of top banks are standing by RSA's product.

By Jeremy Quittner

November 1

Part of the reason RSA Security fell victim to a security breach this year is that it was using an older version of Microsoft Corp.'s Windows, according to a security researcher.

The researcher concluded that RSA, a unit of EMC Corp., used Windows XP because that version of Windows did not automatically switch on a security technology called data execution prevention, Computerworld reported Monday. Later versions of Windows switch on DEP by default.

It is possible that the bug could be modified for later versions of Windows, but the researcher, Rodrigo Branco of Qualys, ruled that out, the article said.

RSA disclosed in March that it had been struck by an attack that affected its security technology, which many banks use to protect internal systems and high-value accounts. RSA offered to replace its customers' security devices, which generate one-time passcodes for connecting to sensitive systems.

Daniel Wolfe

Director, Data Services, Arizent

MORE FROM AMERICAN BANKER

Cryptocurrency

Erebor's charter bid rides wave of fintech-friendly policy

Backed by tech billionaires, the crypto-focused digital startup bank's timely application reflects the current administration's openness to new tech-driven banking models — and raises concerns about regulatory impartiality, considering its backers' political ties.

By Ebrima Santos Sanneh

6h ago
Regulating Crypto

Ripple joins other crypto firms seeking trust bank charters

The application follows on the heels of Circle and Wise, as crypto and payment companies seek crypto custody approval and direct access to the Federal Reserve payment system.

By Penny Crosman

6h ago
Regulation and compliance

NCUA sets high bar for criminal referrals after Trump order

The credit union regulator, responding to a recent executive order, has established strict new standards for prosecuting financial crimes. Regulators are now supposed to make criminal referrals only in cases where putative defendants appear to have known they were breaking the law.

By Nathan Place

7h ago
Fraud

Bank groups encourage Treasury switch to digital payments

Three bank trade associations recommended phasing out paper checks to reduce government payment fraud in a joint statement submitted to the U.S. Treasury.

By Melinda Huspen

8h ago
M&A

Louisiana bank to enter Dallas with its second Texas deal

Baton Rouge-based Investar Holding Corp. has agreed to pay $84 million for Wichita Falls Bancshares, which operates five branches in the Dallas-Fort Worth Metroplex.

By John Reosti

8h ago
Fraud

Judge clears way for Huawei bank fraud trial

A federal judge in New York has rejected Huawei's effort to toss charges alleging bank fraud, sanctions violations and trade secrets theft.

By Carter Pape

9h ago

	About Daniel
twitter	wolfewriter
mailto	daniel.wolfe@arizent.com
linkedin	daniel-wolfe-5947087