Security News
A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday. Dubbed Kr00k and tracked as CVE-2019-15126, the vulnerability caused devices to use an all-zero encryption key to encrypt part of a user's communications, allowing an attacker to decrypt some wireless network packets transmitted by affected devices.
Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress-apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. First, Learn What Kr00k Attack Doesn't Allow: Before proceeding to details of the new Kr00k attack, it's important to note that:The vulnerability does not reside in the Wi-Fi encryption protocol; instead, it exists in the way vulnerable chips implemented the encryption,.
Zyxel Communications, a leading provider of secure broadband networking, Internet access and connected home products, announced its family of solutions for service providers based upon IEEE 802.11ax, the latest Wi-Fi specifications standard. The new WiFi 6 solutions will enable service providers to provide subscribers with multi-gig WAN connectivity to the home through fiber, 5G and GFast networks.
Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.
Eclypsium said on Monday that, despite years of warnings from experts - and examples of rare in-the-wild attacks, such as the NSA's hard drive implant - devices continue to accept unsigned firmware. The infosec biz said a miscreant able to alter the firmware on a system - such as by intercepting or vandalizing firmware downloads, or meddling with a device using malware or as a rogue user - can do so to insert backdoors and spyware undetected, due to the lack of cryptographic checks and validations of the low-level software.
Obviously, these romance scams work obviously, but you know, whenever I see these types of messages in my Twitter inbox or even just on Facebook, because I see them a lot on social media. It's social engineering at its finest and I you know, never ceases to amaze me actually how good cyber criminals are sort of taking the pulse of what's going on out thereAnd definitely things like Valentine's Day where you know, people are going to be feeling a little vulnerable maybe or, or maybe they're you know, elated because they're in a new relationship or something and they're not paying as much attention as they should be.
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
The developers of the Emotet Trojan have created a new way to spread it to more victims, security firm Binary Defense reports. Attackers are using unsecured WiFi networks as a way to deliver the malware to more devices.
A new variant of the notorious Emotet Windows malware is able to spread wirelessly by brute-forcing Wi-Fi network passwords and scanning for shared drives to infect. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords."