Cortana – Let’s Start Hacking!

If you’ve ever witnessed the breadth of friendly Alexa hijinks going on in the world, you could have predicted that hackers exploiting voice command vulnerabilities would be just a matter of time.

Well, that time is now. Voice hacking is a real and growing threat according to a mounting body of evidence.

Open Sesame

Yesterday afternoon (8/8/18) attendees at Blackhat.com in Las Vegas were treated to a presentation by a group of Israeli students and researchers who revealed what they are calling the “Open Sesame” vulnerability of Cortana.

According to the session overview…

In this presentation, we will reveal the “Open Sesame” vulnerability, a much more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the “Open Sesame” vulnerability attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges. To make matters even worse, exploiting the vulnerability does not involve ANY external code, nor shady system calls, hence making code focused defenses such as Antivirus, Anti-malware and IPS blind to the attack.

Hackers Never Sleep

As technology continues to integrate into every aspect of our lives, we can expect new and different vulnerabilities to emerge. Unfortunately, the hacking and cyber-criminal community never sleeps when it comes to identifying and exploiting these vulnerabilities for their profit at your expense.

Konsultek Stands Vigil

That’s where Konsultek comes in. Our custom security solutions are based upon the most advanced architectures and tools available and stand guard 24x7x365 to keep your networks and information secure. If you are looking for a security partner that is constantly innovating and keeping ahead of the curve, please give us a call. Konsultek – your vigilant security partner.

If you’re interested in a complimentary Executive Risk Assessment, just pick up the phone and give us a call to schedule your first step towards greater security.

You’ll understand where your most important digital assets are, what the impact and likelihood of an incident are, and how to protect those assets. Why wouldn’t you want to learn something you didn’t know about your business, for free?

ForeScout and Splunk Team Up to Tame IoT Wild West

On January 5th, 2017 ForeScout announced its new Splunk integration for faster response.

ForeScout, whose CounterACT® technology powers Konsultek’s KNACMAN Managed service, has rapidly evolved into one of the top IoT security firms in the world. ForeScout’s CounterACT is the preeminent solution for endpoint verification, and the integration with Splunk Enterprise and Splunk ES takes it to a whole new level.

Taming the IoT

The number of “Things” integrating into the Internet is expanding at a geometric rate. Printers, routers, medical devices, automobiles, refrigerators… the list is nearly endless. This also means that the number of potentially untracked and unguarded entry points for cybercriminals is growing at an exponential rate, and that is why this integration is so powerful.

The ForeScout-Splunk integration “enables customers to leverage high-value, up-to-date context for all IP-connected devices from ForeScout for incident correlation and prioritization.”

“ForeScout scans these connected devices in real time, sends the detailed device context to Splunk solutions for analysis and correlation, and quickly isolates non-compliant, infected and suspicious devices. Splunk ES users can then automate actions via ForeScout to respond to attacks for threat mitigation. This integration was developed in conjunction with Splunk’s Adaptive Response Initiative, a best-of-breed security collective that leverages end-to-end context and automated response to help organizations better combat advanced attacks through a unified defense.”

The Advantages to the End User

Customers gain improved correlation and incident prioritization based on ForeScout data such as:

  • Real-time and continuous inventory of IP-connected devices on the network—from traditional PCs, servers and mobile devices to Bring Your Own Devices (BYOD) and IoT;
  • Device profiling and classification information;
  • Device security posture and compliance gaps, and
  • Network authentication, access and location information.

Customers can initiate closed loop remediation and threat mitigation leveraging Adaptive Response in Splunk ES and ForeScout actions to:

  • Enable Splunk software to delegate alert mitigation actions in real-time;
  • Take network actions to quarantine, isolate or limit access of IP-connected devices;
  • Initiate remediation and threat mitigation actions on a broader range of devices, and
  • Orchestrate a set of actions across multiple products in response to alerts from Splunk solutions.

 

Want to Learn More?

Thought so! We’ll be holding a Tech Tuesday webinar to spotlight this integration in the next few weeks. In the meantime, feel free to call us to discuss this integration and what it can mean to your organization.

 

© Copyright 2018 Konsultek