Here is a case study of a phishing attack on the DOE, which specializes in internet security. This shows that anyone is vulnerable.
The SANS Institute said, "The U.S. Department of Energy (DoE) Oak Ridge National Laboratory in Tennessee has shut down email systems and employee Internet access following the discovery of a cyber attack last week. The attack, which some have called an Advanced Persistent Threat (APT).."
"The protective measures were taken after an investigation indicated that the attackers were trying to steal technical data."
"...before it started harvesting and sending data to a remote server. Lab deputy director Thomas Zacharia says that 'one of [the] core competencies at the lab is cyber security research.'"
The breach began because somebody opened their email and clicked the attacker's link.
That's it: they opened their email and clicked a link?
Who are these guys and why is this important?
RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges, including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
How does this type of vulnerability happen? It is in Flash. That's the culprit. However, Flash does not run directly in email, so to get it running on your system the attacker needs human action: getting someone to click on a link within the email. This is typically done with a Microsoft Word document or an Excel spreadsheet.
That was the case in the RSA attack. It was an Excel spreadsheet, opened by a link in an email spoofed to look like it came from HR outlining their benefits. The link was embedded in the Excel file with the Flash exploit. So it is the document that contains the Flash exploit, which is executed by either Word or Excel; they are the carriers. So don't open attachments in emails, and review the links in your email carefully before clicking them.
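A mail gateway or analyst can check attachments for the carrier pattern described above before a user ever opens them. The following is an added example, not part of the original post: it scans a Word or Excel attachment for an embedded Flash object. The function names, size limits and the in-memory sample are assumptions constructed for illustration, and the matching is a heuristic that can miss obfuscated content.

```python
import io
import re
import struct
import uuid
import zipfile

# CLSID of the Shockwave Flash ActiveX control: matched as text (OOXML
# activeX*.xml) and as the little-endian GUID bytes stored in OLE streams.
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
SWF_MAGIC = re.compile(rb"(?:FWS|CWS|ZWS)([\x01-\x32])(.{4})", re.DOTALL)
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap so a zip bomb is not inflated

def _scan_blob(name, data):
    """Return findings for one byte blob (a zip member or a whole OLE file)."""
    findings = []
    if str(FLASH_CLSID).encode() in data.lower() or FLASH_CLSID.bytes_le in data:
        findings.append((name, "flash-activex-clsid"))
    if b"ShockwaveFlash" in data or "ShockwaveFlash".encode("utf-16-le") in data:
        findings.append((name, "flash-progid"))
    for m in SWF_MAGIC.finditer(data):
        declared_len = struct.unpack("<I", m.group(2))[0]
        if 8 <= declared_len <= 100 * 1024 * 1024:  # plausible SWF length field
            findings.append((name, "swf-header@%d" % m.start()))
            break
    return findings

def scan_attachment(data):
    """Scan an Office attachment (OOXML zip or legacy OLE) for embedded Flash."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return _scan_blob("<raw>", data)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER:
                findings.append((info.filename, "oversized-member-skipped"))
                continue
            findings += _scan_blob(info.filename, zf.read(info))
    return findings

def build_sample(with_flash):
    """Constructed test input: a minimal zip laid out like an .xlsx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:  # header bytes only (version 10, length 4096), no body
            zf.writestr("xl/embeddings/oleObject1.bin",
                        b"\x00" * 16 + b"FWS\x0a" + struct.pack("<I", 4096))
    return buf.getvalue()
```

Any non-empty result from `scan_attachment` is a reason to quarantine the message for review, since ordinary HR spreadsheets have no need for an embedded Flash object.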
This shows that if one of the most secure places on the web can be subject to attack, then you have to be careful about how you use the web at work and at home.
If you need to evaluate your security procedures at work please contact Pathway Solutions security at http://itpws.com and http://Aurenav.com
See the open letter by the director: http://www.rsa.com/node.aspx?id=3872