Security Headlines: From Krack to the DOJ

Oct 20, 2017

It’s rare to have a day go by without some security news making headlines. This week saw #KRACK trending on social media, which raised lots of questions about the security of cybersecurity. Here’s a look at what went on this week in passwords, automation, and more.

  • The big flaw. Undoubtedly, the most notable news in security this week was the Krack attack, which impacted millions of Wi-Fi users. Around the world, businesses and homes were vulnerable because of flaws in Wi-Fi networks that use the WPA2 protocol. The good news, according to Anthony Lim, member of the (ISC)2 Asian Advisory Council, is that companies that have strong security measures in place are less at risk. Additionally, hacking into the myriad devices that connect to Wi-Fi networks is a tall order, said Lim, as it requires hackers to be within a certain proximity to launch this type of attack.
  • Automation: filling the jobs gap or creating jobs? Automation has the potential to solve the problem of the looming cybersecurity jobs gap, but the ease of malware creation via automation will continue to make the job of cybercriminals easier. With more cybercrime, the industry will need more security experts to defend against threats.
  • An Oasis of exploits. The hacker group known as BlackOasis used the latest version of FinFisher to exploit an advanced persistent threat (APT). Kaspersky identified an Adobe Flash zero-day exploit that they said is likely delivered via email using an ActiveX object embedded within an Office document.
  • Fight the law. When laws are broken, they need to be fixed. In order to change the “hack back” law so that security practitioners can do more to defend against threats, the mindset needs to change. The DOJ is starting to engage in the important conversation of active defense, and introduced a new bill to legalize some controversial security strategies.