Cryptojacking malware discovered running on critical infrastructure control systems

Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks. Read the rest

KRACK! Wifi's go-to security, WPA2, is fatally flawed, and will probably never be patched in many places

US CERT has privately circulated an advisory warning key stakeholders about the imminent publication of Key Reinstallation Attacks (KRACK), which exploit a heretofore unknown flaw in the WPA2 wifi security protocol, allowing attackers to break the encryption and eavesdrop upon -- and possibly inject packets into -- wireless sessions previously believed to be secure. Read the rest