The story of this week is the KRACK vulnerability, which was discovered by security researchers and potentially impacts almost every Wi-Fi enabled device.
Here are some of the other cyber security stories of the week that you’ll find in this weekly roundup:
1. Adobe Patches Flash Zero Day Exploited by Black Oasis APT
Adobe released a Flash Player update addressing a zero-day vulnerability that has been exploited by a little-known Middle Eastern APT group, Black Oasis. This vulnerability, CVE-2017-11292, was initially discovered by researchers at Kaspersky Lab, who saw the payload and exploit used against a customer’s network.
2. Almost Half of Non-IT and Data Pros Don’t Understand Blockchain
According to a recent survey, more than 40 per cent of non-IT/data senior executives admit to not fully understanding blockchain technology, while over half of businesses sampled are planning blockchain initiatives.
3. KRACK Vulnerability: What You Need To Know
Earlier this week, security researchers announced a newly discovered vulnerability called KRACK, which affects several common security protocols for Wi-Fi, including WPA (Wireless Protected Access) and WPA2. It’s a critical vulnerability that potentially affects billions of devices, many of which are hard to patch and will remain vulnerable for a long time.
4. ATM Malware Available Online for Only $5,000
Researchers have discovered malware crafted to compromise ATMs available for sale on the Dark Web at a high price. Anyone can buy such malware for only $5,000 through darknet markets.
5. US-CERT Study Predicts Machine Learning, Transport Systems to Become Security Risks
Carnegie Mellon University’s Software Engineering Institute has nominated transport systems, machine learning, and smart robots as needing better cyber-security risk and threat analysis. This is part of the Emerging Technology Domains Risk Survey, a project it has handled for the US Department of Homeland Security’s US-CERT since 2015.
6. Oracle Fixes 20 Remotely Exploitable Java SE Vulns
In its patch availability announcement, Oracle released security patches to their systems for another 252 vulnerabilities across products including Oracle Database Server and Java SE.
7. Millions Download Botnet-Building Malware From Google Play
Researchers have discovered a new batch of malicious apps on Google Play, some of which have been downloaded and installed on some 2.6 million devices.
8. Questions About the Massive South African “Master Deeds” Data Breach Answered
The cyber security expert Troy Hunt discovered a 27GB file called “masterdeeds.sql”, a MySQL database backup file containing a wide range of sensitive information about South African citizens, such as ID numbers, personal income, age, employment history, company directorships, occupation, employer and other personal data. Troy explains on his blog everything he knows about this massive data breach.
There is a new Locky ransomware strain out there that goes by the .asasin extension and is collecting information on users’ computer operating system and IP address.
10. University of Kansas Student Used Keylogger to Change Grades
The University of Kansas was the victim of a data breach after an engineering student used a keylogger to steal login credentials to the grading platform and change his failing grades to straight A’s.