David’s Take: Okta CSO interview | Inside Security - October 17th, 2017

Inside Security (Oct 17th, 2017)

Infineon/RSA encryption key flaw, learning about PowerShell exploits, DHS to require DMARC, OnePlus phones divulge private data



David’s Take: Okta CSO interview

I spent some time with the CSO for Okta, Yassir Abousselham. He has worked for E&Y and Google before coming to Okta, and has a lot to say about threat hunting, being more comprehensive in your security assessments, and designing in multiple security layers of protection in your networks. He recommends looking at security tools that can help automate various processes, to ensure that they are done properly, such as automated patching and automated application testing. Given Okta’s role in providing SSO solutions, he was surprised to see that it isn’t universally deployed. You can find my interview here.

-- David Strom, Editor of Inside Security


Top Story: Infineon RSA key flaw

An encryption code library developed by Infineon has been generating weak and demonstrably hackable keys for more than five years, according to researchers. They will present a paper at the next ACM meeting describing the flaw, and hopefully by then vendors can fix the code involved. It has to do with factoring prime numbers and has wide-ranging consequences, including compromising national ID cards and the Trusted Platform Module found in many desktop computers. Most Yubico keys aren't affected. – ARS


Beginner’s corner: Learning about PowerShell exploits

Why do attackers love using PowerShell? Because it's native to many versions of Windows, provides full access to WMI and the .NET Framework, and can execute malicious code in memory, thereby evading many AV tools, not to mention that it lacks logging features. If you aren’t yet familiar with hunting down PowerShell exploits, this post will help. – ANOTHER FORENSICS BLOG


Methods and tools

Speaking of PowerShell, here is a script that can help you discover privileged and shadow admin accounts. Called ACLight, it queries Active Directory and then analyzes the account permissions. – KITPLOIT BLOG


Not cool: OnePlus collecting customer data on the sly

If you are using a phone from OnePlus, you might want to find another phone. Apparently, it collects all sorts of private data on your usage, including what WiFi networks you connect to and other details. A researcher discovered this behavior, and the company has promised that it will provide a fix. However, it will still continue to collect this information, regardless of its customers’ wishes. Ironically, its motto is “Never settle.” -- TECHCRUNCH


Attacks

A new Adobe Flash exploit called BlackOasis has been observed in the wild by researchers. It is delivered via an infected decoy Office document (shown here) and ultimately drops the FinSpy payload. Adobe issued a patch. It hasn’t hit many targets, but shares code with another exploit found by FireEye last month. -- SECURELIST


Here is one reporter’s list of the top 12 social media-based attacks of recent memory, including LinkedIn/Vevo, the curious case of Mia Ash, Twitter Counter and Hammertoss. -- ZEROFOX


Microsoft’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group variously called Morpho, Butterfly or Wild Neutron. This happened more than four years ago, according to five former employees who were interviewed by Reuters. The flaws were quickly fixed, but information from the database could have been used in other exploits. -- REUTERS


The Docket

The Department of Homeland Security will require all federal agencies to adopt DMARC standards to improve their security profiles. The plan was announced this week at a NYC briefing. – SC MAGAZINE


Just for fun

If you are a fan of pictures of industrial control rooms from the bygone cold war era, this site has a bunch of them, such as the one here. – PRESENT AND CORRECT BLOG




Copyright © Inside.com, All rights reserved.
