IEEE 802.11ax or Wi-Fi 6 builds on the strengths of 802.11ac, while adding flexibility and scalability that lets new and existing networks power next- generation applications. IEEE 802.11ax OFDMA technology lets even first-wave 802.11ax access points support eight spatial streams and deliver up to 4800 Mbps at the physical layer, depending on vendor implementation. All clients will achieve higher effective throughput at the MAC layer, for a better overall user experience.
Updates on the Recent Facebook Security Breach
30 Million Facebook Accounts Were Hacked: Check If You’re One of Them
Google initially estimated that the number of customers affected by the access token breach could have been 50 million, the company then downgraded the number to 30 million after the investigation.
- For about 15 million Facebook users, attackers accessed two sets of information: usernames and contact information including phone numbers, email addresses and other contact information depending on what users had on their profiles.
- For about 14 million Facebook users, attackers accessed an even wider part of their personal data, including the same two sets of information mentioned above, along with other details users had on their profiles, like gender, language, relationship status, religion, hometown, current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or pages they follow, and the 15 most recent searches.
- A remaining 1 million Facebook users did not have any personal data accessed by the attackers.
https://thehackernews.com/2018/10/hack-facebook-account.html
‘User Risk Report’ Reveals Poor Cybersecurity Habits of Global Workers
Wombat Security published its second annual User Risk Report that revealed personal cybersecurity habits of working adults around the world.
There are a few key findings from the report:
- 44% of global respondents do not password-protect their home WiFi networks, and 66% have not changed the default password on their WiFi routers.
- 55% of workers who use employer-issued devices at home allow family members to use them for things like shopping online and playing games.
- 67% believe using antivirus software and keeping it up to date will stop cyber attacks from affecting their computer.
- Among working adults who do not use a password manager, more than 60% admitted to reusing passwords across multiple online accounts.
https://www.wombatsecurity.com/blog/user-risk-report-reveals-poor-cybersecurity-habits-of-global-workers
Hackers Stole 50 Million Facebook Users’ Access Tokens Using Zero-Day Flaw
September 28, Facebook admitted that unknown hacks exploited three zero-day vulnerabilities on its social media platform and took away secret access tokens for more than 50 million Facebook users.
Access Tokens “are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app.” The hackers could use those access tokens to take over user accounts. In response, Facebook reset access token for nearly 90 million users, which caused all 90 million users being logged out on September 28. The hackers could use the secret access tokens to access user accounts, personal information, and access third-party app or websites that are logged in with Facebook accounts.
https://thehackernews.com/2018/09/facebook-account-hack.html
ICANN sets plan to reinforce internet DNS security
The Internet Corporation for Assigned Names and Numbers (ICANN) has decided to change the cryptographic key that helps protects the Domain Name Systems (DNS). The process of changing the cryptographic key is called the root key the root key rollover or KSK rollover. The DNS root key is a cryptographic public-private key pair used for DNSSec signing of the DNS root zone records. The KSK rollover means that generating a new pair of cryptographic public-private key and distributing to organizations who operate validating resolvers. The primary driving for the root KSK rollover is the growth in attack capability of cybercriminals.
Zero day found in NUUO video software allowing camera takeover
Tenable Research, a Cyber Exposure Company, has discovered vulnerabilities, including a zero-day vulnerability, in NUUO NVRMini2 video software. The zero-day vulnerability, called Peecaboo, would allow unauthorized users to remotely view and tamper video footages by exploiting a remote code execution in the NUUO software. For example, cybercriminals could replace the live video with a static footage of the surveilled area to conceive security personnel.
NUUO is one of the leading video surveillance solution providers. The vulnerability could potentially affect more than 100 brands and 2500 camera models. NUUO has been working on a patch for the Peecaboo, but the release date is still unknown.
A bigger concern is that many users will be unaware of the vulnerability because many other vendors also adopt the NUUO software and integrate it into their products. NUUO has released a plugin to help users assess the vulnerability.
Zero day found in NUUO video software allowing camera takeover