wifi hacking tool | Breaking Cybersecurity News | The Hacker News

A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda Malith , a Sri Lankan security researcher at ZeroDayLab—can be exploited by a low privileged user account to escalate privileges on any Windows computer that had once connected to the EE Mini modem via USB. This, in turn, would allow an attacker to gain full system access to the targeted remote computer and thereby, perform any malicious actions, such as installing malware, rootkits, keylogger, or stealing personal information. 4G Mini WiFi modem is manufactured by Alcatel and sold by EE, a mobile operator owned by BT Group— Britain's largest digital communications company that serves over 31 million connections across its mobile, fixed and wholesale networks. How Does the Attack

Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them. Dubbed KRACK — Key Reinstallation Attack —the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individua

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels and attributed it to the Fancy Bear hacking group. Fancy Bear —also known as APT28, Sofacy, Sednit, and Pawn Storm—has been operating since at least 2007 and also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election. The newly-discovered campaign is also exploiting the Windows SMB exploit (CVE-2017-0143), called EternalBlue , which was one of many exploits allegedly used by the NSA for surveillance and leaked by the Shadow Brokers in April. EternalBlue is a security vulnerabi