WPA2
A security researcher went public with a serious flaw in the security protocol WPA2. Key Reinstallation Attacks work against all modern protected wi-fi networks. To read more: https://www.theregister.co.uk/2017/10/16/wpa2_krack_attack_security_wifi_wireless/
We Heart It
The image-sharing site is informing users that their personal data may have been compromised. The security breach involved over 8 million accounts and while the passwords were encrypted they were not secure. To read more: https://techcrunch.com/2017/10/16/we-heart-it-says-a-data-breach-affected-over-8-million-accounts-included-emails-and-passwords/
Microsoft vulnerability database
Microsoft detected the breach back in 2013 but it has now come to light that the hackers also compromised the database used to track patches. The database was protected by a single password. To read more: https://www.grahamcluley.com/microsoft-bug-tracking-hack/
Eltima
Eltima Software announced that the latest versions of its Elmedia Player app came with OSX.Proton malware. The software was injected into downloads of the application. Proton malware is a remote-control Trojan that targets Apple’s MacOS. To read more: https://www.theregister.co.uk/2017/10/20/mac_os_reinstall_eltima_elmedia_malware/
Advanced Linux Sound Architecture
The bug, CVE-2017–15265, is due to a memory error in the ALSA sequencer interface. An attacker could exploit the vulnerability by running a crafted application on a targeted system. To read more: https://www.theregister.co.uk/2017/10/15/advanced_linux_sound_architecture_vulnerable_to_privilege_escalation/
Adobe
Adobe issued an emergency patch for Flash. The flaw, CVE-2017–11292, affects all current version of Flash for Windows, macOS, Linux and Chrome OS. The flaw allows malicious Flash files to corrupt the plugin’s internal memory structures and gain remote code execution. To read more: https://www.theregister.co.uk/2017/10/16/adobe_flash_emergency_patch/
RSA encryption
Flawed chipsets used by PCs to generate RSA encryption keys have a known vulnerability. Researchers revealed the flaw in cryptographic smartcards, security tokens, chipset and secure hardware manufactured by Infineon Technologies. To read more: http://www.zdnet.com/article/as-devastating-as-krack-new-vulnerability-undermines-rsa-encryption-keys/
SSH Keys
SSH private keys are being targeted by hackers who are scanning for them on servers hosting WordPress websites. Researchers observed a single entity scanning 25,000 systems a day seeking vulnerable keys. To read more: https://threatpost.com/hackers-take-aim-at-ssh-keys-in-new-attacks/128537/
Minecraft apps
Malicious Minecraft Android apps have been uncovered in the Google Play store. Eight apps were infected with the Sockbot malware, with an install base of 600,000 to 2.6 million devices. To read more: http://www.zdnet.com/article/android-minecraft-app-malware-enslaves-your-device-to-botnets/
Sign up below and receive weekly breach reports directly in your inbox.