[CB16] Security in the IoT World: Analyzing the Security of Mobile Apps for Automobiles by Naohide Waguri

The document discusses Advanced Persistent Threats (APTs). It begins by defining APTs and noting some common misconceptions about them. It then discusses notable APT attacks from 2003 to 2017. Finally, it outlines the typical lifecycle of an APT attack, including preparation such as researching targets, acquiring tools, and testing for detection, as well as the intrusion deployment phase.

Spear phishing attacks target individuals within an organization using personalized emails to trick them into revealing sensitive information or clicking malicious links. One such attack began when a worker clicked a spear phishing link, allowing attackers to access the network. The attackers then used information from the Active Directory to identify databases and steal large amounts of personal information, including social security numbers and birth dates. Organizations need integrated security solutions across email and other vectors to detect and block these advanced targeted attacks involving spear phishing and credentials theft. FireEye Email Security aims to provide more effective protection against these types of email-based cyberattacks.

Security? It's simple. We have Security Team... Security of our environment, application, development it's their security. We follow Best Practices, we implementing their's suggestions (or not...). But maybe today, in June 2018, where GDPR is a fact, we should look a little bit more in details for the security aspects. Well know and less known risks, vulnerability assessments, secure coding, secure testing, Let's discuss: SEC/DEV/OPS/SDLC/OSSTMM/OWASP/ITIL and few other acronyms. Use freely available knowledge and specially prepared environment to check and test our security before we touch out Visual Studio, PowerShell, CLI, Visual Studio Code, or even JSON. Be #SecureByDesign

Deepfake technology has advanced to the point where average users with smartphones can easily generate highly realistic synthetic media without expertise. This raises concerns about non-consensual deepfakes, especially pornographic ones. While some apps aim to prevent abuse through controls, deepfakes remain very difficult to detect as real or fake. There are proposals to expand liability for deepfakes beyond just the perpetrator, but regulating this emerging technology poses technical and ethical challenges.

The document discusses risk-based security testing methodology for web applications. It involves deriving test cases from threat analysis techniques like attack tree analysis and understanding real-world attack vectors. The goal is to simulate real attacker scenarios and test for vulnerabilities, as well as potential abuse of business logic or flaws in the secure architecture. Security testing is integrated into the software development lifecycle to find and fix issues early.

A presentation made in several public events in 2015 about the threats related to the Internet of Things, and how modeling can be used as a way to manage mitigation methods.

Yury Chemerkin is a security expert with 10 years of experience focused on privacy, mobile security, and compliance. He has published many papers on mobile and cloud security and speaks regularly at security conferences. Perspektivny Monitoring is a security research company founded in 2007 that focuses on commercial security monitoring, threat intelligence, software security practices, and security of mobile devices, apps, and networks. The document discusses myths and realities regarding data protection in mobile apps, providing examples of common vulnerabilities like insecure data storage, transmission, and authentication over the years. It also highlights specific apps that had data leaks or protections issues.

The document discusses implementing a comprehensive application security program. It begins with an overview of advanced persistent threats (APTs) and how they systematically target networks over long periods of time to achieve political, economic, technical and military objectives. It then details how the RSA security company was hacked through a targeted email attack and credential theft. The document emphasizes that application vulnerabilities are a major entry point for APTs and stresses the importance of addressing the OWASP Top 10 security risks like injection flaws and cross-site scripting. It argues that without a risk-based approach, traditional penetration testing provides limited business value by focusing only on technical issues.

Webinar: How PCI and PA DSS Will Change Enterprise Applications, given by Ben Rothke CISSP PCI QSA and Sushila Nair, CISSP PCI QSA of BT PS.

Security geniuses say it's one of the most exceedingly awful PC weaknesses they've at any point seen.

A talk from the Work Track at AWE USA 2018 - the World's #1 XR Conference & Expo in Santa Clara, California May 30- June 1, 2018. Tony Hodgson (Brainwaive LLC): Enterprise AR Cyber Security – Breaking Down Barriers to Production Roll-Outs This talk will look at the pioneering work Brainwaive LLC conducted last year building the Enterprise AR Cyber Security Framework and Test Protocol including what’s happened in the industry since last year, and gaps that must still be addressed. http://AugmentedWorldExpo.com

A slide presentation on Cyber Security Covering the latest trends to deal with the increasing number of attacks and .. breaches

Eset has built a substantial installed base in EMEA, particularly in Eastern Europe, and it has a rapidly growing small or midsize business (SMB) presence in North America. Its anti-malware engine is a consistently solid performer in test results. However, it lacks enterprise-grade management capabilities and investments in additional security features such as data protection or security assessments. F-Secure has consistently good malware detection results and supports virtual environments, but has very little brand recognition outside of Europe. Check Point is well-known for network security but has struggled to gain market share in endpoint protection due to its reliance on Kaspersky Lab for signatures and lack of data security features.

ISACA Italy presentation on use of threat modeling for designing countermeasures for on-line payment systems

Agenda: - SDLC vs S-SDLC - Mobile development security process - What tools using for security testing? - How to integrate into existing processes? - What additionally you can do?

Are you looking for a reliable penetration testing solution? Contact iViZ Security that provides on demand penetration testing solution for proactive security risk management. Our penetration tests are comprehensive,reliable to keep a computer system or networks safe from various malicious attacks.

This document provides an overview of a presentation by Marco Morana from OWASP on developing an OWASP Application Security Guide for Chief Information Security Officers (CISOs). The presentation covers the need for such a guide given the evolving roles and responsibilities of CISOs. It outlines the guide's structure and contents to provide CISOs with strategic guidance on application security processes, metrics, and technology selection. A four step project plan is also presented for creating the guide based on input from the security community and CISO surveys.

For quite some time we have been seeing espionage cases reaching countries, governments and large companies. A large number of backdoors were found on network devices, mobile phones and other related devices, having as main cases the ones that were reported by the media, such as: TP-Link, Dlink, Linksys, Samsung and other companies which are internationally renowned. This talk will discuss a backdoor found on the modem / router rtn, equipment that has a big question mark on top of it, because there isn’t a vendor identification and no information about who’s its manufacturer and there are at least 7 companies linked to its production, sales and distribution in the market. Moreover, some of them never really existed. Which lead us to question on the research title: “Who put the backdoor in my modem?” --- Ewerson Guimaraes Degree in Computer Science from Fumec University, Security Analyst and Researcher at Epam Systems. Certified by Offesinve Security(OSCP) and Elearn(WPT) as Pentester, Ewerson has published articles in the Brazilian Information Security/Computers magazines H4ck3r and GEEK, moreover, posted exploits and advisory on SecurityFocus found in big companies like: IBM, McAfee, Skype, Technicolor, Tufin, TrendMicro and others. Contrib to develop some modules to Metasploit Framework Project. Founder of BHack Conference and Area31, the first hackerpsace in Minas Gerais and is an active Kali Linux Community Contributor

OS Xのセキュリティ脆弱性研究はMacのデバイスが人気になるにつれ、より人気が高まっている。OX XのIOKitはユーザモードからの切り替えにおけるカーネル自身およびカーネル拡張の危殆化によりハッカーからの多くの攻撃にさらされている。多くの研究者はこの分野の研究（リファレンスを参照のこと）を進めており、我々は本研究分野の次のいくつかの成果を共有したい。 1. カーネル脆弱性を検出するためのコンテキストエンライトメントによるパッシブファジングフレームワーク 2. SMAP＆SMEPをバイパスするためのユーザモードプログラムからカーネルメモリを占有するためのエクスプロイト技術 3. 本ファジング手法により検出された脆弱性の活用方法とOS Xに対し二度の成功をもたらしたルート詐取のための新たなエクスプロイト手法 我々は次の新たな手法を紹介する。PFACEと呼ばれる、OS X IO Kitに対するコンテキストエンライトメントによるパッシブファジングである。PFACEは次のような特徴を有する。 第一に、条件依存でありシステムクラッシュをもたらすコードの実行および検出を深くまた広く許可する。次に以下が含まれるモジュールを出力する。コンテキスト:脆弱性の疑いに対するインジケーター。インジケーターは最初にモジュールをレビューするための手段としてレビュアーにとって有用であろう。 多くの脆弱性を有する場合、主要な課題はどのようにROPガジェットをユーザモードプログラムからカーネル空間に転送するかである。なぜなら近年のOS XではSMAPおよびSMEPを許可しているためである。高名なセキュリティ研究者であるステファン・エッサーはOSDataはカーネルメモリを占拠する良い構造であると提案している。［リファレンスセクション5］もちろんOSDataは確かによいデータ構造である。しかし、実際にはOSDataが機能しないいくつかの課題が存在する。我々はOSDATAがユーザモードプログラムからカーネルメモリを占拠するよう機能させるための新たな手法を発見し、本手法により、新たな脆弱性の検出およびOS X (10.11.3) のルート詐取に成功している。 実際に我々はCVEにおける多くの脆弱性を発見しており、ファジング効果によるカーネルクラッシュを実現している。また、我々はMac OS X(10.11.3)においていくつかの脆弱性を使って、二つの異なるローカル権限昇格手法を確立している。 --- Moony Li & Jack Tang

The state of VPN protocols is not pretty, with popular options, such as IPsec and OpenVPN, being overwhelmingly complex, with large attack surfaces, using mostly cryptographic designs from the 90s. WireGuard presents a new abuse-resistant and high-performance alternative based on modern cryptography, with a focus on implementation and usability simplicity. It uses a 1-RTT handshake, based on NoiseIK, to provide perfect forward secrecy, identity hiding, and resistance to key-compromise impersonation attacks, among other important security properties, as well as high performance transport using ChaCha20Poly1305. A novel IP-binding cookie MAC mechanism is used to prevent against several forms of common denial-of-service attacks, both against the client and server, improving greatly on those of DTLS and IKEv2. Key distribution is handled out-of-band with extremely short Curve25519 points, which can be passed around in the likes of OpenSSH. Discarding the academic layering perfection of IPsec, WireGuard introduces the idea of a "cryptokey routing table", alongside an extremely simple and fully defined timer-state mechanism, to allow for easy and minimal configuration; WireGuard is actually securely deployable in practical settings. In order to rival the performance of IPsec, WireGuard is implemented inside the Linux kernel, but unlike IPsec, it is implemented in less than 4,000 lines of code, making the implementation manageably auditable. The talk will examine both the cryptography and kernel implementation particulars of WireGuard and explore an offensive attack perspective on network tunnels. --- Jason Donenfeld Jason Donenfeld is an independent security researcher and software developer, with a broad background of experience, well-known in both the security community and the open source world, and has pioneered several exploitation techniques. He has worked with many severe vulnerabilities in widespread software projects, including working on 0-day vulnerabilities in the Linux kernel, as well as extensive hardware reverse engineering. His security work spans advanced mathematical and geometric algorithms, cryptography, and remote exploitation. Jason founded Edge Security (www.edgesecurity.com), a highly capable security consulting firm, with expertise in vulnerability discovery, security assessments, reverse engineering, hardened development, and physical security.

この講演では、難解なWebアプリケーションの脆弱性を詳しく見せる。これらの脆弱性は多くのセキュリティ・コンサルタントの簡易な脆弱性診断では見逃される可能性があり、リモートコード実行、認証バイパスや、実際にお金を支払うことなくPayPal経由でお店の商品を購入されてしまうことに繋がる。 SQLインジェクションは廃れたが、私は気にしない。null、nil、NULLの世界や、noSQLインジェクション、通話音声傍受に繋がるHostヘッダ・インジェクション、PayPalの二重支払い、RailsのMessage Verifierのリモートコード実行の世界を探検しようではないか。 --- アンドレス・リアンチョ Andres Riancho アンドレス・リアンチョはアプリケーション・セキュリティの専門家であり、現在はコミュニティを前提としたオープン・ソースのw3afプロジェクトを率いていて、世界中の企業に徹底的なWebアプリケーション侵入テストサービスを提供している。 研究の分野では、3comやISSからのIPS装置に対し重大な脆弱性を発見していて、元雇用者のひとりが行ったSAP研究に貢献し、何百ものWebアプリケーションに対して脆弱性を報告している。 彼が注力しているものは常に、Webアプリケーションのセキュリティ分野である。それは彼が開発したw3afであり、侵入テスターやセキュリティ・コンサルタントたちに幅広く使われるWebアプリケーション攻撃、Auditフレームワークだ。アンドレスは、BlackHat（米国と欧州）、SEC-T（スウェーデン）、DeepSec（オーストリア）、OWASP World C0n（米国）、CanSecWest（カナダ）、PacSecWest（日本）、T2（フィンランド）、Ekoparty（ブエノスアイレス）など、世界中の多くのセキュリティ会議において講演をし、トレーニングの場を設けてきた。 アンドレスは、自動Webアプリケーション脆弱性の検知と開発を更に研究するため、2009年にWebセキュリティに特化したコンサルタント会社Bonsai Information Securityを設立している。

私達はかなり長い間、スパイ行為が国や政府、大企業にまで及んでいたことを見てきた。ネットワーク機器、電話、その他関連機器に数多くのバックドアが見つかり、メディアによって事件として報道された。 この講演では、大きな疑問となっている、モデム／ルーターのRTN、機器に見つかったバックドアについて説明する。その理由は、ベンダー情報がなく、だれが製造メーカーなのかといった情報もないというのに、市場での製造、販売、流通に少なくとも7企業が関わっていたからだ。しかも、その一部は全く現存していなかった。 これが、研究課題につながる質問へと私達を導いた：「私のモデムに誰がバックドアを仕掛けたのか?」 --- エワーソン・ギマラインス Ewerson Guimaraes Fumec大学でコンピューター・サイエンスの学位を取得したセキュリティ・アナリストであり、Epam Systemsの研究者でもある。脆弱性診断士として、Offensive Security（OSCP）、Elearn（WPT）から認定されており、ブラジルの情報セキュリティ／コンピューター雑誌「H4ck3r」と「GEEK」に論文が掲載されている。その上、IBM、McAfee、Skype、Technicolor、Tufin、TrendMicroなどといった大企業にて見つかった脆弱性や勧告を、SecurityFocusに投稿した。Metasploitフレームワーク・プロジェクトへのモジュールの開発に貢献。ミナスジェライス州最初のハッカープレース、BHackカンファレンスやArea31の設立者であり、現役のKali Linuxコミュニティコントリビューターである。

Based on one decade of impactful security research and several years as a risk manager, Karsten Nohl reflects upon what he would have done differently in pushing a data security agenda. Our community is convinced that stellar IT security is paramount for companies large and small: We need security for system availability, for brand reputation, to prevent fraud, and to keep data private. But is more security always better? Poorly chosen protection measures can have large externalities on the productivity, innovation capacity, and even happiness of organizations. Can too much security be worse than too little security? This talk investigates the trade-off between security and innovation along several examples of current security research. It finds that some hacking research is counter-productive in bringing the most security to most people, by spreading fear too widely. --- Karsten Nohl Karsten Nohl has spoken widely on security gaps since 2006. He and co-investigators have uncovered flaws in mobile communication, payment, and other widely-used infrastructures. In his work at an Asian 4G and digital services provider, and as Chief Scientist at Security Research Labs in Berlin, a risk management think tank specializing in emerging IT threats, Karsten challenges security assumptions in proprietary systems and is fascinated by the security-innovation trade-off. Hailing from the Rhineland, he studied electrical engineering in Heidelberg and earned a doctorate in 2008 from the University of Virginia.

10 年にわたる精力的なセキュリティ研究と、数年にわたるリスク管理者としての経験を通じて、カールステン・ノールは情報セキュリティに関する議論を進める中で、もっといい結果が残せたのではないかと考えるようになった。 世間では、非の打ち所のない IT セキュリティ対策を講じることが、企業の規模に依らずその企業にとって最も重要なものであると確信されている。我々はシステムの可用性やブランドに対する高評価を確保するため、詐欺行為を回避するため、そして情報の機密性を保持するためにセキュリティを必要としている。 浅はかな考えで採用された防御策は、生産性、イノベーションの可能性、そして組織の幸福度にすら、それぞれ大きな外部性を持つ。行き過ぎたセキュリティ対策は、不充分なセキュリティ対策よりも悪いものなのだろうか？ 今回の講演では、現代のセキュリティの研究での様々な実例を通じて、セキュリティとイノベーションの間に発生するドレードオフの関係について取り扱う。講演では、いくつかのハッキングの研究は、多くの人に最善にセキュリティを提供することによって、および、脅威を広く広め過ぎることによって、非生産的であることへの気づきを提供する。 --- カールステン・ノールKarsten Nohl カールステン・ノールは 2006 年からセキュリティレベルの格差について幅広く講演している。彼は共同研究者と共に、モバイル通信や支払いに利用されるような世間で幅広く使用されている情報基盤における欠陥を発見してきた。アジアの 4G とデジタルサービスのプロバイダ、ベルリンの Security Research Labs の主任研究員、新たな IT 脅威の分析に特化したリスクマネジメントのシンクタンクにおける業務を通じて、カールステンは顧客の独自システムのセキュリティ評価に取り組み、セキュリティとイノベーションの間で発生するトレードオフの関係に強い興味を抱くようになった。ラインラントからあまり遠くないハイデルベルグで電気工学を学び、2008 年にヴァージニア大学で博士号を修めた。

End-user’s requirements for secure IT products are continually increased in environment that are affected directly to human life and industry such as IoT, CPS. Because vendors and end-user sell or buy products based on trustworthy or objective security evaluation results, security evaluation roles are important. Security Evaluations are divided to two parts, one is evaluation on design level such as ISO/IEC 29128(Verification of Cryptographic Protocols) and another one is post-implementation level such as ISO/IEC 15408(Common Criteria). These security evaluation standards, both ISO/IEC 29128 and ISO/IEC 15408, advise to use formal verification and automated tools when high assurance level of target products is required. For a long time, vulnerability detection using automated tools have been tried and studied by many security researchers and hackers. And recently, the study related to automated vulnerability detection are now more active than ever in hacking community with DARPA’s CGC(Cyber Grand Challenge). But, too many tools are developed continually and usually each tool has their own purpose to use, so it’s hard to achieve ultimate goal of security evaluation effectively and verify evaluation results. Furthermore, there are no references for categorizing about automated tools on perspective of security evaluations. So, in this presentation we will list up, categorize and analyze all of automated tools for vulnerability detection and introduce our result such as pros and cons, purpose, effectiveness, etc. -- InHyuk Seo My name is Inhyuk Seo(Nick: inhack). I graduated B.S. in Computer Science and Engineering at Hanyang University(ERICA) in 2015. Now I’m a researcher and M.S. of SANE(Security Analaysis aNd Evaluation) Lab at Korea University. I’m interested in Programming Language, Software Testing, Machine Learning, Artificial Intelligence. In 2012, I completed high-quality information security education course “the Best of the Best(BoB)” hosted by KITRI(Korea Information Technology Research Institute) and conducted “Exploit Decoder for Obfuscated Javascript” Project. I participated in many projects related with vulnerability analysis. I conducted “Smart TV Vulnerability Analysis and Security Evaluation” and “Developing Mobile Security Solution(EAL4) for Military Environment ”. Also, I participated in vulnerability analysis project for IoT products of various domestic tele-communications. -- Jisoo Park Jisoo Park graduated with Dongguk University B.S in Computer science engineering. He participated in secure coding research project in Programming Language Lab and KISA(Korea Internet & Security Agency). He worked as a software QA tester at anti-virus company Ahnlab. He also completed high-quality information security education course “Best of the Best” hosted by KITRI(Korea Information Technology Research Institute) and conducted security consulting for Car sharing service company. Now, Jisoo Park is a

This document summarizes security research presented at the Black Hat USA 2015 conference. Several talks demonstrated remote attacks against vehicles, including exploiting vulnerabilities in Chrysler Jeeps and Tesla Model S vehicles. Other research targeted IoT devices, like hacking a Linux-powered rifle and exploiting vulnerabilities in ZigBee wireless protocols. Additional briefings covered mobile and malware attacks, like exploiting the TrustZone security architecture on Android and using return-oriented programming for antivirus evasion. The document provides high-level overviews and comments on many of the featured talks from Black Hat USA 2015 and related conferences.

The slides provide a quick overview of the IoT Security trend. The slides provide summary information, a list of trends to watch and links to additional resources

According to the Linux Foundation’s 2017 Open Source Jobs Report, 89% of hiring managers are finding it difficult to find talent with open source expertise. Black Duck technical evangelist Tim Mackey explores how good containers go bad in a freewheeling interview with Linux.com. IOactive and UBTech Robotics face off on “killer robot” claims and the UK Department for Transport and the Alliance for Telecommunications Industry Solutions issue connected car cybersecurity proposals. All this and more cybersecurity and open source security news in this week’s edition of Open Source Insight.

Outline • About Black Hat USA • Featured Research – Vehicle Security – IoT Security • Conclusions • References

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year. Open Source Insight is your weekly news resource for open source security and cybersecurity news!

•Automobile security is hot topic in many conferences. •Cyber security measures are essential for the automobile. •We summarize the following topics based on the above background. –Presentations at the conferences other than Black Hat USA 2015 and DEF CON 23. –Introduction of vulnerability assessment methods of automobile security by CVSS v3.

The document discusses emerging threats to web applications and strategies for testing applications to identify vulnerabilities. It finds that nearly half of all vulnerabilities are in web applications, with cross-site scripting and SQL injection being most common. Many vulnerabilities have no patches available yet. New attack types like client-side vulnerabilities are also emerging. The document advocates integrating security testing into the development process to help developers write more secure code and find issues early.

apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare July 28 & 29, 2021 Playing with FHIR without getting burned David Stewart, CEO at Approov

Mobile adoption is strategic in every industry today. Although it can be a great catalyst for growth, the security risks that come with it cannot be overlooked. Even though this fact is established, many companies are still not following some of the mobile application security best practices. The goal of this is to raise awareness about application security by identifying some of the most critical risks facing organizations during development. We will be covering from basic OWASP top 10 security issues to live demos on different use-case scenarios on how a hacker can hack your application, and how to prevent them.

apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance April 21 & 22, 2021 Why verifying user identity Is not enough In 2021 David Stewart, CEO of Approov

The document discusses the threats posed by the growing Internet of Things (IoT), noting that IoT devices are vulnerable to life-threatening hacking, as illustrated by examples of medical devices, cars, and industrial systems being hacked. It warns that the majority of IoT devices have vulnerabilities that could be exploited by criminals, and stresses the importance of implementing security controls like firewalls, encryption, access controls and regular security updates to protect IoT devices and prevent threats to confidentiality, integrity and availability. It recommends conducting regular risk assessments, penetration testing and security training to help secure organizations' IoT environments.

A wide spectrum of cybersecurity and open source security news in this week’s Open Source Insight, including the need for hospitals to ramp up their cybersecurity efforts; the need to include open source security in any plan to secure medical devices; a major data breach at Italian bank Unicredit; two Black Duck executives share their views on open source security in video interviews; and why the automotive industry many be close to an iPhone moment.

The document describes a proposed system called "MobiSecure" that would identify and define security threats from illegitimate installed applications on Android devices. It aims to scan a device's memory for applications downloaded from unknown sources that could enable cyberattacks. The system would detect such applications, inform the user, and allow deleting the application to mitigate risks. It has modules for scanning devices, displaying results with threat descriptions, and removing flagged applications. The system architecture is designed to identify malware-containing applications installed without user knowledge to help decrease cyber threats.

Enable best-of-breed security testing for enterprise, web and mobile applications • Facilitate application security testing for your customers at the appropriate stage of their development lifecycle • Identify security vulnerabilities such as SQL injection and cross-site scripting (XSS) • Automate correlation of static, dynamic and interactive application security testing results • Deliver detailed reporting to your customers that summarise security vulnerabilities, assesses potential risk and offers remediation tactics