Security News

Router biz Linksys has reset all its customers' Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware. Hackers with access to Linksys Smart Wi-Fi accounts were changing home routers' DNS server settings.

Guard Dog Solutions, of Salt Lake City, has formally launched the world's first AI-driven solution to preemptively and proactively combat and eliminate public and private Wi-Fi cyber security threats. The majority of "Virtual" working environments accessing VPN from homes are actually dangerous, the company notes, as end points on Wi-Fi systems make it alarmingly easy for hackers to access data through VPNs. As businesses move to support mobile workers, they need to ask their ISPs and MSSPs about Guard Dog Solutions and the Proactive Threat Elimination™ security it brings.

This design blunder can be abused by nearby miscreants to snatch snapshots of private data, such as web requests, messages, and passwords, over the air from devices as they are transmitted, if said data is not securely encrypted using an encapsulating protocol, such as HTTPS, DNS-over-HTTPS, a VPN, and SSH. Crucially, to pull this off, a hacker does not need to be on the same Wi-Fi network as the victim: just within radio range of a vulnerable phone, gateway, laptop, or whatever is being probed. "Among the devices vulnerable to this attack are the ones from Samsung, Apple, Xiaomi and other popular brands," Hexway told The Register.

Aruba, a Hewlett Packard Enterprise company, announced that its full family of high performance indoor Wi-Fi 6 access points - including the Aruba 500 Series, 510 Series, 530 Series and 550 Series APs - have achieved Wi-Fi CERTIFIED 6 certification from the Wi-Fi Alliance, making it the industry's first full family of Wi-Fi 6 indoor APs to be certified based on the Wi-Fi Alliance Wi-Fi 6 testbed of products. The Wi-Fi CERTIFIED 6 certification is designed to distinguish Wi-Fi 6 products and networks that meet the highest standards for security and interoperability to deliver exceptional end user experiences and wireless stability.

Why would anyone want to worry about 146,000,000 database entries relating to free Wi-Fi users connecting to a free Wi-Fi service? The problem with the second sort of 'free' Wi-Fi is that the company that's giving you the 'free' service can only really make money out of it - by which we mean that they can only make you pay for it - if they keep track who you are and what you do when you connect.

The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3.

It looks like Switchzilla is moving swiftly to clear up the Krook bug discovered by ESET. Just hours after the researchers delivered their findings in a report, Cisco gave its own advisory on the Wi-Fi data snooping flaw. Missing C++ update opens security hole in Ubuntu 16.04.

SAN FRANCISCO - A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. According to ESET, "[it] found KrØØk to be one of the possible causes behind the 'reinstallation' of an all-zero encryption key, observed in tests for KRACK attacks.

Kr00k is a vulnerability that causes the network communication of an affected device to be encrypted with an all-zero encryption key. CVE-2019-15126 is particularly dangerous because it has affected over a billion Wi-Fi enabled devices - a conservative estimate.

An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on. When these disassociation packets are received, vulnerable Wi-Fi controllers - made by Broadcom and Cypress, and used in countless computers and gadgets - will overwrite the shared encryption key with the value zero.