Every WiFi connection at risk of new “KRACK” WiFi hacking attack

The first new WiFi security vulnerability to be found in 14 years is real a doozey!  

 

The WPA2 encryption protocol which is widely used to secure WiFi traffic is at risk from multiple vulnerabilities, collectively known as “KRACK Attacks”, or Key Reinstallation AttACKs, that were publicly disclosed on October 16, 2017. Every single WiFi connection currently in use is potentially at risk of being hacked security researchers disclosed in a recently released research paper.  These vulnerabilities effect both WiFi Access Points or Routers as well as WiFi enabled devices such as Phones, Laptops, Cameras and any devices connected to and communicating over a WiFi network.

The attacks, which cannot be carried out remotely, allow a malicious individual to replace, or reinstall, one of the security keys used to encrypt the communications on a WiFi network with a key of the attacker’s choosing.  This allows an attacker to gain access to otherwise encrypted data.  This could allow them to view your passwords, credit card numbers, photos and snoop on all traffic sent over the WiFi network.  If your home or business uses a single network for Wired and Wireless communication, as most off-the-shelf routers do, this could even include communications to wired devices as well.  While the attack is not technically easy to complete for all devices, tools are likely to be made available shortly that will allow less technically savvy people to carry out the attack.

As of this time, the only way to fix this flaw would be to manually replace or patch every WiFi device in existence currently, no small feat.  Given that the publication of these vulnerabilities has been withheld, a fix is likely already in the works — or already completed — from major device vendors, but this will only affect those devices that are currently receiving software updates.  Older, abandoned devices, will likely remain vulnerable to these attacks.

Full details on the attacks with P.O.C. demonstrations and further news are available on the following website:

 

KRACK Attacks: Breaking WPA2

Massive data breach leaves nearly 1/2 of all Americans vulnerable to identity theft

From the OMG, this is scary department:

Equifax has just announced that a massive data breach in July of 2017 has left nearly 1/2 of all Americans vulnerable to identity theft.  On Thursday, the company disclosed that a data breach it discovered on July 29 may have impacted as many as 143 million consumers in the United States. Equifax is one of the three main organizations in the US that calculates credit scores, so it has access to an extraordinary amount of personal and financial data for virtually every American adult. The company says that hackers accessed data between mid-May and July through a vulnerability in a web application. Attackers got their hands on names, Social Security numbers, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers. 182,000 “dispute documents,” essentially complaint submissions that include personal identifying data, were also compromised in the breach.

Equifax is offering a website – www.equifaxsecurity2017.com – where you can check if you are one of the 143 million people who may have had their personal information compromised.  Equifax is also offering a year of free credit monitoring and identity theft protection on that site that you can (and should) sign up for if your personal information has been compromised in the breach.  You might consider paying for additional protection after the first year is over as it’s likely that attackers may have better luck abusing your leaked data once the free year of identity theft protection has expired.

Read more below

Spotted in the Wild: Fake Facebook messages spreading malicious content

There is a new malware campaign on the rise which has recently been spotted spreading via Facebook private messages.  While the idea behind the campaign is not new, using instant messaging to spread links to malware hosting web pages, the length to which the malware authors have gone to target their victims is not something we typically see in a fly-by-night malware campaign.

The links in the message take you to a Google Docs document page.  The document has already taken a picture from the victim’s Facebook page and created a dynamic landing page which looks like a playable movie. When the victim clicks on the fake playable movie, the malware redirects them to a set of websites which enumerate their browser, operating system and other vital information. Depending on their operating system they are directed to other websites.

It has been a while since I saw these adware campaigns using Facebook, and its pretty unique that it also uses Google Docs, with customized landing pages. As far as I can see no actual malware (Trojans, exploits) are being downloaded but the people behind this are most likely making a lot of money in ads and getting access to a lot of Facebook accounts.

Please make sure that you don’t click on these links, and please update your antivirus!

 

Read more on this threat below: