Internal Threats
















             Researchers discover new ways to hack WPA3 Protected WiFi Passwords - The same team of
             cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as
             Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now
             uncovered two more flaws that could allow attackers to hack WiFi passwords. WPA, or WiFi
             Protected Access, is a WiFi security standard that has been designed to authenticate wireless
             devices using the Advanced Encryption Standard (AES) protocol and intended to prevent hackers
             from eavesdropping on your wireless data. The WiFi Protected Access III (WPA3) protocol was
             launched a year ago in an attempt to address technical shortcomings of the WPA2 protocol from the
             ground, which has long been considered to be insecure and found vulnerable to more severe KRACK
             attacks.
                    Source: https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html



             Flaws in Qualcomm chipset expose millions of Android devices to hacking threat - Security
             researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in
             Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android
             devices remotely simply by sending malicious packets over-the-air – no user interaction required.
             Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The
             prerequisite for the attack is that both the attacker and targeted Android device must be active on
             the same shared Wi-Fi network. “One of the vulnerabilities allows attackers to compromise the
             WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from
             the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-
             air in some circumstances,” wrote researchers.

                    Source: https://threatpost.com/android-phones-qualpwn/146989/



             DMARC Adoption Nonexistent at 80% of Organizations - Standard email authentication to prevent
             spoofing and phishing remains elusive for most. About 80 percent of company web domains don’t
             have standard email authentication protections in place. That’s according to 250ok’s Global DMARC
             Adoption 2019 report, which analyzed 25,700 domains in the education, e-commerce, legal,
             financial services, SaaS and nonprofit sectors, as well as the Fortune 500, U.S. government and
             China Hot 100 sectors. The firm found that the majority lacked Domain-based Message
             Authentication, Reporting and Conformance (DMARC) policies; DMARC is considered the industry
             standard for email authentication to prevent attacks where adversaries are sending mails with
             counterfeit addresses.

                    Source: https://threatpost.com/dmarc-adoption-nonexistent/146751/







                                                    www.accumepartners.com                                           11