Cyber Security Current Events
WiFi Vulnerability - High-severity vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points disclosed today.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, Apple, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices.
Read more about it at: KeyReinstallationAttacks
Android Ransomware - New Android ransomware DoubleLocker encrypts data and changes PINs.
Researchers at security firm ESET spotted this first-ever ransomware misusing Android accessibility services. The ransomware encrypts the data and locks the device by changing the PIN.
Read more about it at: welivesecurity
F-35 Data Stolen - Australian defense firm was hacked and F-35 data stolen, DOD confirms
According to the Australian Cyber Security Centre, a small Australian defense company "with contracting links to national security projects" had been the victim of a cyber-espionage attack detected last November including the ex-filtration of about 30GB of sensitive data .
By easily exploiting an Internet-facing server (due to poor security practices), and using administrative credentials, the attacker was able to easily move laterally within the network. Primary issues from a security practice perspective included a lack of vulnerability patching and use of default device credentials.
Read more about it at: Huffington Post