Hyundai Uses Example Keys for Encryption System

This is a dumb crypto mistake I had not previously encountered:

A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples.

[…]

“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]”.

[…]

Luck held out, in a way. “Greenluigi1” found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like “RSA Encryption & Decryption Example with OpenSSL in C.”

Identity management difficulties continue to plague IT departments

A survey released Monday by Gartner and identity management vendor Radiant Logic indicates that most companies are suffering from complicated credential and identity issues, but few are taking steps to address them.

The issue, according to Radiant Logic, is what it calls “identity sprawl”—businesses require identification and credentialling for an increasingly large number of systems these days, meaning that a given user might have one login for the HR system, another for one set of shared assets on the company network, another still for an official Microsoft account, and so on.

AT&T and Lookout expand partnership with launch of Lookout AlienApp

This blog was written by an independent guest blogger.

In order to secure data and protect against threats like ransomware, it’s critical to take a unified approach to endpoint security. To help security teams achieve this, Lookout and AT&T are expanding their partnership with the introduction of the Lookout AlienApp, which complements existing endpoint protection integrations in the USM Anywhere platform and helps to make the concept of true unified endpoint protection a reality.

The Lookout AlienApp expands on the USM Anywhere platform’s ability to integrate log events and alerts from best-in-class partners such as SentinelOne – extending those same capabilities available via a single pane of glass to protect employees’ mobile devices.

As remote work is now the norm for a large percentage of the workforce, visibility into threat activity targeting mobile devices and the insight it provides into an organization’s overall threat posture cannot be overstated.

Over half of all work-related activities are performed via mobile devices, yet these devices continue to be a major gap in many organizations’ security architecture. Cyberattacks rarely occur in a single event and typically involve more than just the traditional endpoints (laptops, desktops, servers). Yet most enterprises only utilize security tools specifically designed to protect desktops and laptops.

Gartner estimates that roughly 30% of enterprises currently deploy some form of mobile threat defense (MTD). Contributing to this oversight, some companies confuse the deployment of mobile device management (MDM) platforms (e.g., Workspace ONE, MaaS360, etc.) with mobile security, even though MDM tools cannot detect most application, network, or content-based threats. Therefore, the need to integrate MTD into the incident response toolset should be seen as complementary to device management and deemed table stakes for a comprehensive security posture. 

As evidence, when indicators of compromise (IOCs) are detected on traditional endpoints, those same threats often include elements that specifically target mobile devices. Due to their smaller form factors and the nature in which users blend their interactions between business and personal use, mobile devices are exponentially more susceptible to phishing and social engineering attacks.

In fact, sophisticated phishing attacks now attempt to evade detection by traditional endpoint security tools. The relative lack of investment in mobile security tools and the increasing dependence on mobile devices have led many bad actors to direct their focus to mobile, since it makes for a much softer target.

By checking the form factor and/or OS, these attacks can present mobile users with malicious websites while also directing users on traditional endpoints to the proper destination. Bad actors will then attempt to harvest the credentials of the mobile users accessing the malicious site, or they will install malware to initiate an attack. These bad actors need only a single access point to gain entry and start to move laterally through a network. To protect their data, organizations need to fill the mobile gap in their security posture.

To do this, they need access to the telemetry across all their endpoints, not just their servers and laptops. That data must also be treated as critical to their overall incident response capabilities.

Telemetry from mobile-specific attacks, such as phishing attacks, remote jailbreaks, and man-in-the-middle attacks can be correlated with the existing intelligence within USM Anywhere and subsequently remediated.

Lookout is a leader in endpoint and cloud security solutions. The advanced machine intelligence in the Lookout security platform leverages the Lookout Security Graph, which contains behavioral analysis of telemetry data from over 205 million devices and 170 million apps. The Graph continuously analyzes over four million URLs every day and automatically detects threats including “zero day” attacks. Using this telemetry, Lookout researchers have exposed some of the most sophisticated mobile threats ever found, such as Pegasus, Dark Caracal, Monokle, the iOS 14.3 Vulnerability, Corona Live, and Goontact. In fact, the Lookout research team has been responsible for uncovering over 90% of all mobile threats over the past five years and is trusted by some of the world’s largest enterprises and government agencies.

7 critical steps for successful security onboarding

Jerich Beason, CISO, Commercial Bank at Capital One, equates the Great Resignation with the great onboarding.

“If you are a cyber leader, you are likely onboarding new talent this year. My experience is that the first week onboard sets the tone for that person’s tenure,” he writes in an online post. “Don’t take this opportunity lightly. You only have one chance to make a first impression.”

He says critical tasks to handle during onboarding include providing an overview of the security vision, mission, and core values as well as walking new employees through the security strategy and roadmap.

6 best practices for blue team success

Cybersecurity team conversations these days can feel like a rainbow, with mentions of red, blue and even purple teams. While each team has its unique perspective and tasking, the blue team is trusted with arguably the most critical mission of all: protecting organizations from cybersecurity threats and vulnerabilities.

To do this, the blue team must be aware of the organization’s business/mission needs, relevant threats, digital footprint, and the associated vulnerabilities. From there, the team can bolster the security posture of the organization by implementing security controls and mitigations to address the most pressing threats and vulnerabilities.
