MITM Archives - Page 2 of 8 - Security Affairs

Pierluigi Paganini July 04, 2018

Huawei enterprise and broadcast products have a crypto bug. Fix it now!

Huawei has rolled out security fixes for some enterprise and broadcast products to address a cryptography issue tracked as CVE-2017-17174. Huawei has released security updates for some enterprise and broadcast products to address a cryptography issue that was discovered in late 2017. The vulnerability, tracked as CVE-2017-17174, is related to the implementation of an insecure encryption […]

Pierluigi Paganini May 25, 2018

Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)

As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run […]

Pierluigi Paganini January 24, 2018

Are you a Tinder user? Watch out, someone could spy on you

Experts at security firm Checkmarx discovered two security vulnerabilities in the Tinder mobile apps that could be exploited to spy on users. Security experts at Checkmarx discovered two security vulnerabilities in the Tinder Android and iOS dating applications that could be exploited by an attacker on the same wi-fi network as a target to spy […]

Pierluigi Paganini December 15, 2017

The cybersecurity firm Fox-IT disclosed a security breach that affected its infrastructure

For Fox-IT disclosed a security breach that affected its infrastructure and demonstrated how to manage it in an outstanding way. The cybersecurity firm Fox-IT, one of the top security companies currently owned by the UK giant NCC Group, disclosed a security breach that affected its infrastructure. According to the firm, on September 19 an unknown attacker carried […]

Pierluigi Paganini December 11, 2017

Microsoft accidentally exposed Dynamics 365 TLS certificates exposing sandbox environments to MiTM attacks

Microsoft accidentally exposed a Dynamics 365 TLS certificate and private key for at least 100 days leaving the sandbox environments open to MiTM attacks. Data leakage continues to represent a serious problem for organizations, now it’s up to Microsoft that accidentally exposed a Dynamics 365 TLS certificate and private key for at least 100 days. The software […]

Pierluigi Paganini December 07, 2017

Major Banking Applications were found vulnerable to MiTM attacks over SSL

Security experts discovered a critical vulnerability in major mobile banking applications that left banking credentials vulnerable to hackers. A group of security researchers has discovered a critical vulnerability in major mobile banking applications that left banking credentials vulnerable to hackers. The vulnerability was discovered by researchers of the Security and Privacy Group at the University […]

Pierluigi Paganini October 10, 2017

Microsoft’s October Patch Tuesday addresses critical Windows DNS client Zero-Day Flaws tied to DNSSEC

Microsoft’s October Patch Tuesday addresses three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Microsoft’s October Patch Tuesday addresses three critical security vulnerabilities in the Windows DNS client in Windows 8, Windows 10, and Windows Server 2012 and 2016. The vulnerabilities affect the Microsoft’s implementation of one of the data record features used in the secure […]

Pierluigi Paganini September 12, 2017

Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack

Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new stealthy remote attack dubbed BlueBorne attack. Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new remote attack, even without any user interaction and pairing. The unique condition for BlueBorne attacks is that targeted devices […]

Pierluigi Paganini July 06, 2017

Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

Perl development team solved a flaw in DBD—MySQL in some configurations that wasn’t enforcing encryption allowing an attacker to power MiTM attacks. The security researcher Pali Rohár reported an important flaw in DBD—MySQL, tracked as CVE-2017-10789, that affects only encryption between client and server. According to the expert, the issue in some configurations wasn’t enforcing encryption allowing an attacker to […]

Pierluigi Paganini May 10, 2017

iCloud Keychain vulnerability allowed hackers to Steal sensitive data

Apple has recently fixed an iCloud Keychain vulnerability that could have been exploited by hackers to steal sensitive data from iCloud users. The flaw allowed hackers to run man-in-the-middle (MitM) attacks to obtain sensitive user information (i.e. names, passwords, credit card data, and Wi-Fi network information). The researcher Alex Radocea of Longterm Security discovered in […]

MITM

Huawei enterprise and broadcast products have a crypto bug. Fix it now!

Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)

Are you a Tinder user? Watch out, someone could spy on you

The cybersecurity firm Fox-IT disclosed a security breach that affected its infrastructure

Microsoft accidentally exposed Dynamics 365 TLS certificates exposing sandbox environments to MiTM attacks

Major Banking Applications were found vulnerable to MiTM attacks over SSL

Microsoft’s October Patch Tuesday addresses critical Windows DNS client Zero-Day Flaws tied to DNSSEC

Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack

Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

iCloud Keychain vulnerability allowed hackers to Steal sensitive data

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

Interlock ransomware group deploys new PHP-based RAT via FileFix

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Experts uncover critical flaws in Kigen eSIM technology affecting billions

Spain awarded €12.3 million in contracts to Huawei

QUICK LINKS

MITM

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!