Risk Radar Free Cyber Newsletter – Oct 17, 2017

Cyber Security Newsletter

Emergent threats, trends, and news annotated by some of the most well known and respected experts in the industry.

KRACK Demo: Critical Key Reinstallation Attack Against Widely-used WPA2 Wi-Fi Protocol
A key Wi-Fi protocol called WPA2 has been broken. The attack uses the key re-installation process to get access to the wireless network. The article gives a demo of the attack. Brian Krebs has good article on what you need to know now in regards to the KRACK attack.
Flash 0-day in the wild – patch now!
Adobe has released an out of band patch for flash. If you are still using flash you should update now. This patch is for a flash 0-day in the wild that allows remote code execution. This 0-day works in browsers on Windows, Mac, Linux, and Chrome OS.

Locky Gets Updated to ‘Ykcol’, Part of Rapid-Fire Spam Campaigns
The Locky developers have been busy over the last month. After three Locky code revamps the latest variant (called Ykcol) has been used in a big spam campaign from the Necurs botnet. The ransomware is basically working the same, but it is getting better at avoiding detection. Researchers say that the Locky developers are already working on a new variant.

Yet Another Linux Kernel Privilege-Escalation Bug Discovered
There is another privilege-escalation vulnerability in the Linux kernel. The attack does need to be done locally. The attack will allow local code execution. A computer in an enterprise network with the proper admin rights could be used to launch this Linux kernel attack.
Oracle Bets on Machine Learning Algorithms to Secure IT Future
Oracle is expecting artificial intelligence and machine learning to be a big part of data security going forward. They are using these capabilities in their upcoming security cloud base services. It will be interesting to see how successful AI and machine learning will be.
The Hotel Room Hacker
A vulnerability to a hotel keycard leads to a big opportunity for a burglar. The article covers the story of this burglar in depth.