On August 4, 2018, a new exploit to the previously released KRACK vulnerability within WPA/WPA2-PSK (Pre-Shared Key), was announced. This exploit allows for an attacker to obtain the PSK used for encryption within a wireless network.
Update: Tuesday, July 31
In early 2018, the Spectre/Meltdown CPU Hardware Vulnerabilities were discovered that affect a very large population of computers, if not properly patched. Although, to date, no exploitation is known to have occurred, we strongly recommend that these vulnerabilities be fully addressed.
Cisco Talos researchers announced this past week that Russian hackers were able to amass a collection of over 500,000 malware-infected consumer-grade routers. Dubbed the VPNFilter, this malware could have a significant impact on the operability of routers around the world by shutting down networks, blocking traffic, or collecting mass amounts of user information. There is also the potential to use all of the compromised devices in a single attack against a strategic target.
On Wednesday, May 9, it was announced that a significant vulnerability known as "BaseStriker" was discovered in Microsoft Office 365 (O365) email "Exchange Online." This applies to other email security solutions and not just O365. The vulnerability will allow a specifically crafted link in a phishing email to get through undetected. Normally, O365 will scan inbound emails and block, or quarantine, those containing malicious links (this applies even with the Advanced Threat Protection add-on). To date, no exploit of this vulnerability has been seen in the field.
Update: Tuesday, February 20
If you are concerned that your Cisco firewall may still be vulnerable, please contact your Account Manager or email email@example.com.
There's a new social engineering tactic on the loose affecting cloud email accounts like Microsoft Office 365. The ransomware attack, hidden beneath a "new Microsoft anti-spam service," tricks users into accepting the service, thereby providing the cyberattacker with access to their email account. It is at that time that all emails and their attachments are encrypted in real time and requested to pay a ransom to recover the data.
Last week, it was revealed that researchers had found a weakness in the "Trusted Platform Module" or TPM chip from Infineon Technologies. This chip set, commonly found in the current generation of computers, could allow a criminal to decrypt a stolen hard drive, which had previously been encrypted.
As you may have already heard, a new high-severity security vulnerability has been released publicly that is related to the WiFi Protected Access 2 Protocol (WPA2 Protocol). This newly discovered weakness could potentially allow an attacker to compromise an encrypted wireless session between a wireless client (PC/Smartphone) and the associated Wireless Access Point (AP). Once compromised, the attacking AP now acts as a "Man-in-the-Middle" and would be able to view packets between the wireless client and a remote endpoint as well as potentially inject malformed packets into the session.
Apple has released the iOS 10.3.3 software update for iPhone, iPad, and iPod touch. The update focuses on bug fixes and performance improvements for all devices running iOS 10. It is important to execute on the update right away as the patch fixes a vulnerability which allows an attacker to breach your device.