The story of this week is the KRACK vulnerability, which was discovered by security researchers and potentially impacts almost every Wi-Fi enabled device.
Here are some of the other cyber security stories of the week that you’ll find in this weekly roundup:
Adobe released a Flash Player update addressing a zero-day vulnerability that has been exploited by a little-known Middle Eastern APT group, Black Oasis. This vulnerability, CVE-2017-11292, was initially discovered by researchers at Kaspersky Lab, who saw the payload and exploit used against a customer’s network.
According to a recent survey, more than 40 per cent of non-IT/data senior executives admit to not fully understanding blockchain technology, while over half of businesses sampled are planning blockchain initiatives.
Earlier this week, security researchers announced a newly discovered vulnerability called KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. It’s a critical vulnerability that potentially affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time.
Researchers have discovered malware crafted to compromise ATMs available for sale on the Dark Web at a high price. Anyone can buy such malware for only $5000 through darknet markets.
Carnegie Mellon University’s Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. This is part of the Emerging Technology Domains Risk Survey, a project it has handled for the US Department of Homeland Security’s US-CERT since 2015.
In its patch availability announcement, Oracle released security patches to their systems for another 252 vulnerabilities across products including Oracle Database Server and Java SE.
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices.
Cyber security expert Troy Hunt discovered a 27GB file called “masterdeeds.sql”, a MySQL database backup file containing a wide range of sensitive information about South African citizens, such as ID numbers, personal income, age, employment history, company directorships, occupation, employer and other personal data. Troy explains on his blog everything he knows about this massive data breach.
There is a new Locky ransomware strain out there that goes by the .asasin extension and is collecting information on users’ computer operating system and IP address.
The University of Kansas was the victim of a data breach after an engineering student used a keylogger to steal login credentials to the grading platform and change his failing grades to straight A’s.