KRACK WiFi Security Vulnerability Allows Attackers to Decrypt WiFi Traffic
Oct17

KRACK WiFi Security Vulnerability Allows Attackers to Decrypt WiFi Traffic

Security researchers at the University of Leuven in Belgium have discovered a WiFi security flaw in WPA2 called KRACK. The KRACK WiFi security vulnerability affects all modern WiFi networks and could be exploited with relative ease. While there have been no known attacks leveraging the vulnerability, it is one of the most serious WiFi flaws discovered to date, with potential to be used to attack millions of users. If the KRACK WiFi security vulnerability is exploited, attackers could decrypt encrypted WiFi traffic and steal login credentials, credit and debit card numbers, or inject malware. Most business and consumer WiFi networks that use Wi-Fi Protected Access 2 (WPA2) are affected KRACK WiFi Security Vulnerability Allows Attackers to Induce Nonce and Session Key Reuse The attack...

Read More
Adobe Patches Actively Exploited Flash Player Flaw Used to Deliver FinSpy Malware
Oct17

Adobe Patches Actively Exploited Flash Player Flaw Used to Deliver FinSpy Malware

Yesterday, Adobe released a new update for Flash Player to address an actively exploited flaw (CVE-2017-11292) that is being used by the hacking group Black Oasis to deliver FinSpy malware. Finspy is not malware as such, it is a legitimate software program developed by the German software company Gamma International. However, its capabilities include many malware-like functions. As the name suggests, FinSpy is surveillance software that is used for espionage. The software has been extensively used by governments and law enforcement agencies to gather intelligence on criminal organizations as well as foreign governments. It would appear that Black Oasis is targeting military and government organizations by leveraging this Adobe zero-day flaw to deliver FinSpy malware. So far, Black Oasis...

Read More
Department of Education Issues Advisory to Hacking and Extortion Threats
Oct16

Department of Education Issues Advisory to Hacking and Extortion Threats

Recently, the hacking group TheDarkOverlord has been targeting K12 schools; gaining access to networks, stealing data and attempting to extort money. In response to the hacking and extortion threats, the U.S. Department of Education has issued an advisory to K12 schools and has provided advice to help educational institutions mitigate risk and protect their networks from attack. The attacks on schools by TheDarkOverlord in recent weeks have seen the threats escalate. Previous attacks have seen organizations threatened with the publication of sensitive data. The latest attacks have included more serious threats, not just against the hacked entity, but also threats to parents of students whose data has been stolen. Some parents have also received threats of violence against their children...

Read More
Most Effective Phishing Emails Revealed
Oct13

Most Effective Phishing Emails Revealed

Phishing is an effective method of obtaining login credentials and installing malware and ransomware, and email is the most common vector used for these scams, but what are the most effective phishing emails? What types of emails are most likely to fool your employees into installing malware or disclosing their login credentials? This week, security awareness training company KnowBe4 has released its Q3 phishing report, detailing the top ten most effective phishing emails – emails that are most likely to result in employees clicking through and revealing their credentials. KnowBe4’s Top Ten List of the Most Effective Phishing Emails For its Q3 report, KnowBe4 included phishing email subject lines that are used in attacks on consumers and businesses.  Listed below are the most effective...

Read More
Why You Should Use a Web Filter to Prevent Employees Accessing Pornography
Oct12

Why You Should Use a Web Filter to Prevent Employees Accessing Pornography

Many companies have realized that acceptable Internet usage policies are insufficient and do not prevent employees accessing pornography at work. While employees can be told that the viewing of pornography at work is unacceptable, and viewing pornography is likely to result in instant dismissal, it does not stop porn from being accessed at work by some individuals. The accessing of pornography in offices and other places of work is commonplace. One survey conducted by Proven Men Ministries in 2014 indicates two thirds of men and one third of women have accessed pornography using their work computers. When employees access pornography at work, it does not just reduce productivity, it can have many negative implications for employers. Further, when anonymizer services such as VPNs are used...

Read More