Key Reinstallation Attack (KRACK)
Dynamic Data Exchange (DDE)
Dangerous Malware Allows to Empty
Bad Rabbit :Ransomware Attack
XSS vulnerability found in keystoneJS
Hacking Wi-Fi :Key Reinstallation
• WPA2 is a secure Wi-Fi connections .
• Wi-Fi Protected Access II (WPA2) protocol could allow an
attacker to hack into your Wi-Fi network
• Android, Linux, Apple, Windows, OpenBSD, MediaTek,
Linksys, and others, are all affected.
This attack is local and active in nature.
active MiTM is required and can only be done
in physical proximity
KRACK—Key Reinstallation Attack—Team of
researchers works against all modern protected
Wi-Fi networks and can be abused to steal
sensitive information like credit card numbers,
passwords, chat messages, emails, and photos.
The KRACK attack works by exploiting a 4-way
handshake of the WPA2 protocol for encrypting traffic.
KRACK attack does not help attackers recover the
targeted Wi-Fi's password
It allows them to decrypt Wi-Fi users' data without
cracking or knowing the actual password.
Attacker needs to trick a victim into re-installing an
The impact of exploiting these vulnerabilities includes
decryption, packet replay, TCP connection hijacking,
HTTP content injection.
The communication over HTTPS is secure (But not
100% secure) and can’t be decrypted using the KRACK
Use a secure VPN service—which encrypts all your
Internet traffic whether it’s HTTPS or HTTP.
Key Reinstallation attack could be exceptionally
devastating against Linux and Android 6.0 or higher.
KRACK Attack Protection and
Update the firmware of all of your Wi-Fi devices with
Update the passwords and firmware of all of your Wi-
Fi access points and routers.
Browse secure HTTPS websites which leverage
Disable Temporal Key Integrity Protocol (TKIP).
Bad Rabbit: New Ransomware
It is spreading like wildfire around Europe
It affected over 200 major organisations, primarily
in Russia, Ukraine, Turkey and Germany, in the
past few days
Demanding 0.05 bitcoin (~ $285) as ransom from
victims to unlock their systems.
Distributed via drive-by download attacks, using
fake Adobe Flash players.
No exploits were used.
Bad Rabbit ransomware uses DiskCryptor.
In some of the companies, the work has been
completely paralysed - servers and workstations
are encrypted,head of Russian cyber-security
Two of the affected sites are Interfax and
It affected systems at three Russian websites, an
airport in Ukraine and an underground railway in
the capital city, Kiev.
How to Protect Yourself from Ransomware Attacks?
oDisable WMI(Windows Management Instrumentation)
service to prevent.
oMost ransomware spread through phishing emails,
malicious adverts on websites, and third-party apps and
oAlways exercise caution when opening uninvited
oNever download any app from third-party sources
o Keep a good backup routine.
o Run a good and effective anti-virus security suite on
your system, and keep it up-to-date.
Unpatched Microsoft Word
Dynamic Data Exchange (DDE )
Unpatched attacking method that exploits a built-in
feature of Microsoft Office is currently being used in
various widespread malware attack campaigns.
DDE protocol ,allow two running applications to
share the same data.
The protocol is being used by thousands of apps,
including MS Excel, MS Word, Quattro Pro, and Visual
One-time data transfers and for continuous exchanges
for sending updates to one another.
The DDE exploitation technique displays no
"security" warnings to victims,
over 6 million infected computers worldwide and
sends millions of emails—to distribute Locky
ransomware and TrickBot banking trojan using Word
documents that leverage the newly discovered DDE
How to Protect Yourself From Word DDE Attacks?
→ Select File
•Hacking ATM is now easier than ever before.
•Anyone can simply buy a malware to steal millions in
cash from ATMs.
•Hackers are selling ready-made ATM malware, anybody
can simply buy for around $5000
•Advertising the malware, as Cutlet Maker.
The list of crimeware contains in the toolkit
Cutlet Maker—ATM malware which is the
primary element of the toolkit
Stimulator—an application to gather cash cassette
statuses of a targeted ATM
codecalc—a simple terminal-based application to
generate a password for the malware.
•Either network or physical access to an ATM is
required to enter the code in the application text area
and also to interact with the user interface.
•The advertisement was initially published on
the AlphaBay Darknet marketplace, which was recently
taken down by the FBI.
Cross-Site Scripting(XSS) found in
How to perform this attack:
1. Navigate to Contact Us page
2. Fill in the details needed and enter the below payload in
<a onmouseover=alert(document.cookie)>XSS link</a>
3. Now login as admin and navigate to the above new record
created in the enquiries.
4. Move the cursor on the text “XSS link”
• The issues have been fixed and the vendor has
released the patches
• The application accepts input from normal user
without any validation and renders it without output
• Therefore it is recommended to perform input
validation or html output encoding to avoid such
kind of attacks.