Security News

The GoSecure Titan MDR portal delivers a customizable dashboard for GoSecure Titan MDR customers to view all aspects of their MDR service. The GoSecure Titan MDR portal takes this service visibility to unprecedented levels.

Cheeky clothing firm French Connection, also known as FCUK, has become the latest victim of ransomware, with a gang understood to be linked to REvil having penetrated its back-end - making off with a selection of private internal data. Founded in 1972 by current chief executive Stephen Marks, French Connection made a name for itself when it adopted the not-actually-rude-honest slogan "FCUK" in its advertising in the early 2000s.

GoSecure announced the release of the latest update to the GoSecure Titan platform. The Spring update illustrates the continued evolution of the GoSecure Titan platform.

We explain how two French researchers hacked the Google Titan security key product, and dig into the Mimecast certificate compromise story to see what we can all learn from it. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. The exploit allows an attacker to obtain the long-term elliptic curve digital signal algorithm private key designated for a given account.

In July 2018, after many years of using Yubico security key products for two-factor authentication, Google announced that it was entering the market as a competitor with a product of its own, called Google Titan. Security keys of this sort are often known as FIDO keys after the Fast IDentity Online Alliance, which curates the technical specifications of a range of authentication technologies that "[p]romote the development of, use of, and compliance with standards for authentication and device attestation".

Researchers have found a way to clone Google's Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment. A new attack method against such devices was described by researchers from NinjaLab, a France-based company that specializes in the security of cryptographic implementations.

The vulnerability allows the bad actor to extract the encryption key or the ECDSA private key linked to a victim's account from a FIDO Universal 2nd Factor device like Google Titan Key or YubiKey, thus completely undermining the 2FA protections. An actor will have first to steal the target's login and password of an account secured by the physical key, then stealthily gain access to Titan Security Key in question, not to mention acquire expensive equipment costing north of $12,000, and have enough expertise to build custom software to extract the key linked to the account.

Security token biz Yubico has a new key out today, its latest-generation two-factor encryption authentication unit, the Yubico 5C NFC, which includes support for PCs and mobile devices using USB-C, as well as a built-in NFC radio. The last model offering USB-C lacked NFC - although it did come with a built-in Lightning plug, effectively covering all the bases of the mobile market.

Bug disclosure service HackerOne was in the rare position of publicizing one of its own security holes this week after a researcher discovered a flaw that was exposing some user email addresses. Tenable says Microsoft won't fix Group Policy bug.