This week I've been slowly working at going through the course material at Free Code Camp. Currently, I've been taking some time every day to watch a little of the CISSP course video they have published on Youtube. The CISSP (Certified Information Systems Security Professional) is a certificate that is a highly regarded infosec certificate that covers topics ranging from asset security to security software deployment. The free resources provided by Free Code Camp have been excellent so far, and I highly recommend them to any wishing to study for the CISSP.
Wifi fragmentation and aggregation attacks (FragAttacks) are a new collection of vulnerabilities in which a threat actor can exfiltrate data or attack victims within radio range. Mathy Vanhoef, a postdoctoral researcher at New York University Abu Dhabi, recently published his paper, Fragment and Forge: Breaking Wi-Fi through Frame Aggregation and Fragmentation , detailing several attack vectors and examining the intricacies of the aggregation vulnerabilities that have been part of the 802.11 standards since the inception in 1997. Quite interestingly, every device tested was susceptible to one or more of the FragAttacks. While several 802.11 standards make these attacks harder to perform, they can be executed on all devices across all standards. It's a good thing then, that there was a nine-month embargo on information related to these attacks, allowing manufacturers to provide security updates to affected devices. Mathy Vanhoef has also created a website documenting the FragAttack