Anonymous ID: c166b6 March 4, 2020, 2:32 p.m. No.8318684   🗄️.is 🔗kun

Daily hack updates …everything is comped

Wi-Fi kit spilling data with bad crypto – Huawei, eh? No, it's Cisco. US giant patches Krook spy-hole bug in network gear

Meanwhile, Sophos finds nasty rootkit, OnlyFans says massive archive not a hack

 

Cisco posts Krook Wi-Fi patches

It looks like Switchzilla is moving swiftly to clear up the Krook bug discovered by ESET.

Just hours after the researchers delivered their findings in a report, Cisco gave its own advisory on the Wi-Fi data snooping flaw.

"Multiple Cisco wireless products are affected by this vulnerability," the advisory stated.

"Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability."

 

Sophos finds VM rootkit

Researchers over at Sophos have made a rather interesting discovery: a rootkit infection that targets Linux and Windows VMs in the AWS cloud. Dubbed "cloud snooper", the infection is so complex that the culprit was very likely to be a nation-state hacking group. The targets were not named, but Sophos reckons the aim of the malware was to harvest sensitive data from the infected servers.

 

Additionally, the Sophos team does not believe that AWS is at fault here, despite the infections sitting on EC2 instances. "Though we discovered the technique in use on AWS, the problem is not an AWS problem per se," Sophos explained.

 

https://www.theregister.co.uk/2020/03/02/security_roundup_rsa_week/