July 2018 - SR3 CyberSecurity

WPA3

Bruce Schneier has an interesting article on the new WPA3 standard.

“The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and guesses passwords over and over again until they find a match. With WPA3, attackers are only supposed to be able to make a single guess against that offline data before it becomes useless; they’ll instead have to interact with the live Wi-Fi device every time they want to make a guess. (And that’s harder since they need to be physically present, and devices can be set up to protect against repeat guesses.)”

https://www.schneier.com/blog/archives/2018/07/wpa3.html

Google explains Gmail privacy after controversy

RICHARD NIEVA is reporting in CNET:

Google responded Tuesday to a backlash surrounding Gmail, after it was reported that employees at third-party apps could read people’s emails.

“To be absolutely clear: no one at Google reads your Gmail.”

https://www.cnet.com/news/google-explains-gmail-privacy-after-controversy/#ftag=CAD590a51e

Majority of firms hit by ransomware attacks now paying up

Bob Violino reports in Information Management:

“Cyber security company Radware has released its 2018 Executive Application and Network Security Report, and for the first time in the survey’s five-year history a majority of executives reported paying a hacker’s ransom following a cyber attack.”

“Merrill Research surveyed 232 executives worldwide on behalf of Radware, and 69 percent said their company faced a ransom attack in the past year, compared with only 14 percent in 2016. Of those, 53 percent paid the ransom.”

“Two-thirds of executives (66 percent) reported a lack of confidence in their network security, admitting that their networks are penetrable by hackers.”

https://www.information-management.com/news/majority-of-firms-hit-by-ransomware-attacks-now-paying-up

Vulnerabilities Patched in VMware ESXi, Workstation, Fusion

Eduard Kovacs is reporting in SecurityWeek:

“VMware informed customers last week that it patched several vulnerabilities that can lead to a denial-of-service (DoS) condition or information disclosure in its ESXi, Workstation, and Fusion products.”

https://www.securityweek.com/vulnerabilities-patched-vmware-esxi-workstation-fusion

aLTEr: Hackers can spy on your 4G browsing sessions thanks to LTE flaws

Vulnerabilities have been discovered in LTE that would make it possible for an attacker to tap into 4G networks for the purposes of spying on and hijacking 4G browsing sessions.

BY Mark Wycislik-Wilson

http://www.topix.com/tech/computer-security/2018/06/alter-hackers-can-spy-on-your-4g-browsing-sessions-thanks-to-lte-flaws?fromrss=1