Researchers at KU Leuven in Belgium have announced discovery of a key reinstallation attack (KRACK) vulnerability affecting wi-fi connections hitherto believed to be secure. An attacker within range of the intended victim could get around the four-way handshake used in the WPA2 wi-fi protocol by inducing the victim to reinstall a key that's already in use. Success enables the attacker to access information assumed to be securely encrypted. The problem lies in the protocol itself, and not in any particular product.
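Why reinstalling a key that is already in use exposes traffic, as an added illustration (not the researchers' code): a toy client in which reinstallation resets the per-frame nonce counter, beside a hardened client that ignores a reinstall of its current key. The names `Client`, `keystream` and `run` are hypothetical, the frames and key are constructed, and SHA-256 stands in for the real WPA2 cipher.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy per-frame keystream derived from (key, nonce); a stand-in, not CCMP."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

@dataclass
class Client:
    hardened: bool
    key: Optional[bytes] = None
    nonce: int = 0
    used: set = field(default_factory=set)  # (key, nonce) pairs already sent
    reused: int = 0                         # count of repeated pairs

    def install_key(self, key: bytes) -> None:
        """Runs each time the client accepts the handshake message carrying the key."""
        if self.hardened and key == self.key:
            return  # same key already in use: keep the nonce counter running
        self.key, self.nonce = key, 0  # vulnerable path: counter restarts

    def send(self, plaintext: bytes):
        self.nonce += 1
        pair = (self.key, self.nonce)
        if pair in self.used:
            self.reused += 1
        self.used.add(pair)
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))

def run(hardened: bool):
    """Return (nonce reuses, whether the two ciphertexts share one keystream)."""
    a, b = b"constructed frame A", b"constructed frame B"
    key = bytes(range(16))             # constructed session key
    client = Client(hardened)
    client.install_key(key)            # normal end of the handshake
    n1, c1 = client.send(a)
    client.install_key(key)            # the same key is delivered a second time
    n2, c2 = client.send(b)
    shared = n1 == n2 and xor(c1, c2) == xor(a, b)
    return client.reused, shared
```

When `shared` is true the keystream cancels out of the two ciphertexts, which is why the fix is on the client side: refuse to reset state for a key that is already installed.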
A variety of probes and nuisance attacks surfaced in Europe late last week. Poland's Defense Minister says the country successfully parried a Russian cyberattack of unspecified nature and scope. In Sweden denial-of-service campaigns affected transportation, especially rail transportation, in western regions of the country. There's no attribution of the DDoS attacks against Swedish targets, but Russian operators are widely suspected.
British security researchers have concluded that Iran was behind the June 23 brute-force attacks on Parliament's email system. Moscow had been the original and usual suspect, but Whitehall has determined it was Tehran.
A number of researchers are warning of an increase in the tempo of cyberattacks against targets in East Asia. These no longer seem to be confined to espionage, but appear to pose a fresh threat to supply chains. A confused set of Chinese and North Korean actors are named in dispatches.
Apple's iOS 11 is said to have an exploitable backdoor in its associated QR scanner.
Pizza Hut was breached: less serious than Equifax, but tastier.