- Critical Vulnerability in Electrum Bitcoin Wallets Finally Addressed
The flaw was identified by a commenter using the alias “jsmad,” in a Github on 24 November 2017. The electrum daemon is running, someone on a different virtual host of the web server could easily access your wallet via the local RPC port. Currently, there is no security/authentication, giving someone access to the RPC port full access to the wallet. The critical vulnerability allows malicious websites to access and steal from bitcoin wallets that are not protected by a password because the flaw leaves the crypto wallet at the risk of port scanning and deanonymization attacks. This would eventually lead to extended exploitation of the wallet. Electrum has addressed the issue that was previously partially fixed in the version 3.0.4, released on 7 January, while the version 3.0.5 was released on January 8 to fully fix the problem.
Cyber Security Tips: Users are strongly recommended that should upgrade their Electrum software, and stop using old versions.
- Florida hack exposes 30K Medicaid patients’ files
Previously hackers have targeted various healthcare center to access medical data. According to the latest report, Florida officials announced late Friday that hackers may have accessed the personal information and medical records of up to 30,000 Medicaid recipients in November. The state’s Agency for Health Care Administration said in a Friday evening news release that one of its employees “was the victim of a malicious phishing email” on November 15, and they learned of the incident five days later on 20 November, after which they notified the notified the Inspector General who launched an investigation “to identify if any protected health information was potentially accessed.” According to the investigator hacker able to accessed the enrollees’ full names, Medicaid ID numbers, birthdates, addresses, diagnoses, medical conditions, and Social Security numbers. The AHCA said no other agency systems or email accounts were involved in the phishing attack.
Cyber Security Tips: The agency provided a hotline for Medicaid recipients to call-844-749-8327 the patients are recommended to contact the agency if any suspicious happened.
- Wi-Fi Alliance launches WPA3 protocol with new security features
The Wi-Fi Alliance has finally announced the long-awaited next generation of the wireless security protocol Wi-Fi Protected Access (WPA3). WPA3 will replace the existing WPA2 the current network security protocol that has been around for at least 15 years and widely used by billions of wireless devices every day, including smartphones, laptops, and the Internet of things. WPA2 has long been considered to be insecure due to its common security issue, that is “unencrypted” open Wi-Fi networks, which allows anyone on the same WiFi network to intercept connections on other devices and it also vulnerable to KRACK (Key Reinstallation Attack) that makes it possible for attackers to intercept and decrypt Wi-Fi traffic passing between computers and access points.
Following are the features of WPA3;
- WPA3 protocol strengthens user privacy in open networks through individualized data encryption.
- WPA3 protocol will also protect against brute-force dictionary attacks, preventing hackers from making multiple login attempts by using commonly used passwords.
- WPA3 protocol also offers simplified security for devices that often have no display for configuring security settings, i.e. IoT devices.
- There will be a 192-bit security suite for protecting Wi-Fi users’ networks with higher security requirements, such as government, defense, and industrial organizations