9283 8B4A 87FE DC6E C327 EF05 70A8 B78D 1623 3FB5

  1. Master Deeds data leak – our very own Equifax!
    1. www.iafrikan.com/2017/10/18/south-africas-govault-hacked-over-30-million-personal-records-leaked/
    2. Find out whether your PII is included on (odds are good considering 66 million records):
      - haveibeenpwned.com/ (try all your past and present email addresses)
      (Compromised data includes: Government issued IDs, Dates of birth, Deceased statuses, Email addresses, Employers, Ethnicities, Genders, Home ownership statuses, Job titles, Names, Nationalities, Phone numbers, Physical addresses)
    3. Interesting follow up: www.iol.co.za/business-report/real-estate-company-admits-to-being-source-of-dataleaks-11627034
    4. Now what? Will we all get new IDs? (we should! – maybe we should ask…)
    5. SA Data Leak Survival Guide (courtesy of Wolfpack Information Risk)
  2. Key Reinstallation Attack
    - “KRACK affects both WPA and WPA2 in both Pre-Shared Key and Enterprise modes. While the attack is damaging to clients by delivering a MiTM attack, no “official” attack tools have been seen. The methods for delivering the KRACK attack require technical expertise, rely on specific timing, and can be subject to failure due to the operation of 802.11 as a whole. Now is the time to get our “houses in order” by patching access points (APs) and clients (especially Android) when they are available, enabling robust wireless rogue AP detection, WIPS, and leveraging secure MiTM resistant protocols such as SSL/TLS and IPSEC VPNs in addition to WiFi encryption such as continued use of WPA2.” – Larry Pesce (SANS NewsBites Vol. 19 Num. 083)
    1. What to communicate?
    2. Vendor advisories / patches
    3. More info:
      1. What You Should Know About the ‘KRACK’ WiFi Security Weakness
        - Key takeaways: “To my mind, those most at risk from this vulnerability are organizations that have not done a good job separating their wireless networks from their enterprise, wired networks.
        I don’t see this becoming a major threat to most users unless and until we start seeing the availability of easy-to-use attack tools to exploit this flaw…
        From reading the advisory on this flaw, it appears that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need some patching, and soon.” – Brian Krebs
      2. WPA2 Key Reinstallation Vulnerabilities (KRACK) Explained
      3. eduroam advisory: Key Reinstallation Attack and WPA2
  3. Google Home Mini spying 24/7
  4. Beware of sketchy iOS popups that want your Apple ID
  5. What’s in a cable? The dangers of unauthorized cables
  6. DoubleLocker: Innovative Android Ransomware
  7. Fake Crypto: Microsoft Outlook S/MIME Cleartext Disclosure
  8. “If you haven’t implemented DMARC you are missing a chance to become a hero in your organization.” – “It’s a game changer in stopping people from spoofing email from your site.” – Paller