Security

In October, security researchers discovered a major vulnerability in a Wi-Fi's WPA2 security called "KRACK." This "Key Reinstallation Attack" can disrupt the initial encryption handshake that happens when an access point and a device first connect, allowing an attacker to read information assumed to be securely encrypted. It's possible to totally defeat WPA2 encryption using KRACK, allowing a third party to sniff all the Wi-Fi packets you're sending out.

One morning, years ago, I was sitting in my office enjoying my morning cup of coffee while I perused the log files when I noticed something interesting. There was a GRE (Generic Routing Encapsulation) tunnel leaving the network and connecting to a home based ISP cable modem. My first thought was that someone was being a cheeky sort so, rather than panic, I examined the point of origin.

Officials from the NIC Asia Bank, based in Kathmandu, the capital city of Nepal, have been scrambling in recent weeks to recover from a hack on its computer networks, which abused the Swift financial messaging system to help steal approximately $4.4m (£3.3m).

After multiple investigations, sources have confirmed that most of the stolen funds have now been recovered, with roughly $580,000 yet to be located by authorities.

A previously unknown cyberespionage group called Sowbug has been found using the Felismus backdoor to spy on several South American and Pacific Rim national governments for the last several years.

Another Netflix phishing campaign was seen in the wild prompting customers to update their login credentials or risk being locked out of their account. A similar scam occurred earlier this year.

Mailguard researchers described the email used in the scam as being relatively well designed and said the scammers are using a template system to generate individualized messages with specific recipient data, according to a Nov. 3 blog post.

Google Play has suffered another failure, as over one million users have been duped into downloading a fake version of WhatsApp made available in the official Android app store.

The bogus WhatsApp application was spotted late last week on Google Play, looking for all the world like the real thing, and appearing to be developed by WhatsApp Inc, the messaging app’s genuine developers.

The outcome of the 2016 presidential election is history. But allegations of voter fraud, election interference by foreign governments, and intrusions into state electoral agencies' systems have since cast a pall over the system that determines who makes the laws and enforces them in the United States. Such problems will not disappear no matter what comes out of a presidential commission or a Congressional hearing.

The most secure smartphones are Android smartphones. Don't buy that? Apple's latest version of iOS 11 was cracked a day -- a day! -- after it was released.

So Android is perfect? Heck no!

Android is under constant attack and older versions are far more vulnerable than new ones. Way too many smartphone vendors still don't issue Google's monthly Android security patches in a timely fashion, or at all. And, zero-day attacks still pop up.

So, what can you do to protect yourself? A lot actually.

One of the breakthroughs of the Stuxnet worm that targeted Iran's nuclear program was its use of legitimate digital certificates, which cryptographically vouched for the trustworthiness of the software's publisher. Following its discovery in 2010, researchers went on to find the technique was used in a handful of other malware samples both with ties to nation-sponsored hackers and, later on, with ties to for-profit criminal enterprises.

When Apple announced the iPhone X last month—its all-screen, home-button-less, unlock-with-a-look flagship—it placed an enormous bet on facial recognition as the future of authentication. For hackers around the world, Face ID practically painted a glowing target on the phone: How hard could it be, after all, to reproduce a person's face—which sits out in public for everyone to see—and use it to bypass the device's nearly unbreakable encryption without leaving a trace?