A Maryland security firm has released an open-source tool that can be used to exploit a vulnerability in the WiFi Protected Setup (WPS) standard that can be exploited to retrieve passwords. Tactical Network Solutions on Wednesday announced the release of the tool, called Reaver. "Reaver is capable of breaking WPS PINS and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately four to 10 hours," a company blog post said. Disabling WPS is the only known fix for the vulnerability, discovered by researcher Stefan Viehbock, but functionality that locks out anyone who continuously re-enters the wrong passcode can "make an attack impractical," he said.
Hamas spokesperson Hudhayfa Samir Abdallah al-Kahlut, also known as "Abu Ubaida," has been sanctioned by the U.S. Treasury Department for his leadership of the group's cyber influence operations, reports The Record, a news site by cybersecurity firm Recorded Future.
TechCrunch reports that U.S. conservative think tank The Heritage Foundation was working on addressing a cyberattack against its systems last week, but investigation into whether any of its data was compromised is still underway.
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, has leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.