"Krack" attack can compromise WPA2 wi-fi security

Rapid7 has reported a serious security flaw in wi-fi routers in homes and businesses that would appear when external enemies are in close proximity, such as in adjacent apartments, hotels, or public wi-fi connections.

Alyssa Newcomb on NBC News reports on it as the "Krack Attack".  It bypasses WPA2 standards.

Users should apply forthcoming Windows and Max fixes and firmware from router companies as soon as possible,  Firmware usually gets updated be restarting a router once a week. 

Phishing attacks try to intercept real estate sales with wire fraud

Persons approaching purchase of property in real estate transactions should become wary of phishing attacks that submit wire transfer instructions which turn out not to be from the real title company.

People should only wire money to accounts that they can confirm separately really to belong to the title company. 

Bluetooth security vulnerabilities are reported

Webroot is warning users of the risks of Bluetooth devices as possibly attracting hackers, as in this article   Webroot advises users to turn off devices when not in use.  This appears to apply to wearable devices, which could provide a portal for hacking personal information from phones.

  

I’ve noticed that the Microsoft Action Center, on at least one computer, recommends resinstalling a Bluetooth driver after the Creators’ Update of Windows 10.  But there don’t seem to be any symptoms.  I wonder if this relates to the same possible vulnerability. 

Phishing scam tells you your Facebook account is suspended

Here's the most recent phishing scam.  You get repeated emails telling you to restore your Facebook account with one click.  It comes from "facebookmail dot com".

So just log in to Facebook yourself and check for yourself.  

Another scheme is to misspell Facebook and take you to a survey page.  

More sophisticated phishing scheme pretends to warn of invalid overseas iTunes purchases

There is a clever phishing scheme now where the attacker sends an email that purports to be from Apple advising you of an overseas purchase of a game from iTunes for about $50.  There is a PDF of the receipt and a link to challenge it.  Previously, there may have been another email without attachments advising of the purchase. If you run the cursor over the sender, it doesn't have Apple in the domain name.

This scheme is a little more complex than a lot of them.  You can forward it to "reportphishing" at apple.com  

More concerns about Kaspersky and Russia in NY Times

The New York Times has an article today, “The Cyber Insecurity Company”, or with online title, “The Russian company that is a threat to our security”.  That’s Kaspersky Labs.

Best Buy and Geek Squad today favor Trend Micro, but before they have bounced between Webroot and Kaspersky. But the article notes that companies that use Kaspersky will have their networks exposed to servers in Russia.

That probably doesn’t matter to home users, no matter how paranoid you are about Putin or Ukraine or Chechnya.  But it would matter to most international companies, or to anyone that keeps user PII on his servers. 

DOD is no longer allowed to use Kaspersky.   

FDA issues warning about pacemaker vulnerability to hackers

Now, if a threat "From Russia without Love".

The FDA has issued an alert concerning 465,000 pacemakers because of a software vulnerability, which could endanger patients. WJLA has the story here.

The FDA's own firmware update page is here.

It takes a visit to a cardiologist's office to get the firmware updated.

Pacemakers can prevent sudden death from cardiac arrest in people with certain arhythmias.