BF-SIRT Newsletter 2017-42

This week's top stories are a serious flaw in the WPA2 protocol that lets attackers intercept network traffic (KRACK), and a factorization flaw in TPM chips that makes attacks on RSA private keys feasible (ROCA).

You can also read about Oracle fixing 20 remotely exploitable Java SE vulnerabilities in its latest patch, and about another zero-day vulnerability in Flash that is actively exploited.

Top 5 Security links
Serious flaw in WPA2 protocol lets attackers intercept passwords and much more
Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
Flash hit by another zero-day vulnerability
Third-Party Code Hack Leads to Compromised Equifax Site Serving Fake Flash Install