wifi hacking tool | Breaking Cybersecurity News | The Hacker News

A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda Malith , a Sri Lankan security researcher at ZeroDayLab—can be exploited by a low privileged user account to escalate privileges on any Windows computer that had once connected to the EE Mini modem via USB. This, in turn, would allow an attacker to gain full system access to the targeted remote computer and thereby, perform any malicious actions, such as installing malware, rootkits, keylogger, or stealing personal information. 4G Mini WiFi modem is manufactured by Alcatel and sold by EE, a mobile operator owned by BT Group— Britain's largest digital communications company that serves over 31 million connections across its mobile, fixed and wholesale networks. How Does the Attack...

Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them. Dubbed KRACK — Key Reinstallation Attack —the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individua...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels and attributed it to the Fancy Bear hacking group. Fancy Bear —also known as APT28, Sofacy, Sednit, and Pawn Storm—has been operating since at least 2007 and also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election. The newly-discovered campaign is also exploiting the Windows SMB exploit (CVE-2017-0143), called EternalBlue , which was one of many exploits allegedly used by the NSA for surveillance and leaked by the Shadow Brokers in April. EternalBlue is a security vulnerabi...