MITM Archives - Page 7 of 8 - Security Affairs

Pierluigi Paganini February 24, 2014

Apple restores certificate validation checks mysteriously missed

Apple released a security update to iOS that restores some certificate-validation checks that had apparently been missing for an unspecified amount of time. Last week Apple released a security update to iOS (iOS 7.06) to fix a flaw for certificate-validation checks that could be abused by attackers to conduct a man-in-the-middle attack within the victim’s network to capture or modify […]

Pierluigi Paganini February 22, 2014

WhatsApp lack enforcing certificate pinning, users exposed to MITM

Experts at Praetorian have been conducting the Project Neptune to assess the security for designing and maintenance of mobile apps, including WhatsApp. This week the IT was shocked by the acquisition of WhatsApp by Facebook, the popular mobile messaging service was sold for $19 billion, probably this is the value assigned to the information managed by […]

Pierluigi Paganini February 14, 2014

Cybercriminals target mobile applications with fake SSL Certificates

Cybercriminals targeting mobile applications with fake SSL Certificates to run man-in-the-middle attacks against the affected companies and their customers. There is the wrong conviction that SSL certification user can protect users from be tricked to visit a fake website. Netcraft has uncovered numerous attacks based on fake SSL certificates used to impersonate online banking websites, ecommerce , ISPs and […]

Pierluigi Paganini February 10, 2014

CERT POLSKA detected large-scale DNS hacking on home routers

Attackers changed the DNS configuration of vulnerable home routers to conduct man-in-the-middle attacks on a large scale against Polish online banking users. The Polish Computer Emergency Response Team has documented a series of cyber attacks observed in Poland involved cybercriminals hacking into home routers and changing their DNS settings so they can conduct MITM attacks on […]

Pierluigi Paganini December 08, 2013

French Government ANSSI responsible of a MITM against Google SSL-TLS

Google discovered the unauthorized use of digital certificates issued by an intermediate certificate authority linked to ANSSI for several Google domains. Google has revealed that late on December 3rd it became aware of unauthorized digital certificates for several Google domains and immediately has started the investigation. Security experts at Google found that the digital certificates […]

Pierluigi Paganini October 19, 2013

Apple iMessage vulnerable to MITM attack

Quarkslab researchers Cyril Cattiaux has revealed Apple lied when it claimed it could not intercept iMessages sent by its users. Quarkslab researchers Cyril Cattiaux revealed that it is possible to break encryption implemented in Apple’s iMessage application due the presence of a weakness in the key management process. The announcement was made during the Hack in the Box conference […]

Pierluigi Paganini June 15, 2013

Iranian Gmail accounts targeted by state-sponsored attack

Google revealed that tens of thousands of Gmail accounts belonging to Iranian users have been targeted by state-sponsored attacks. The Google company announced that tens of thousands of Gmail accounts of Iranian users have been targeted hacked. The attacks seem to be organized by a group of state sponsored hackers few days before presidential elections. The […]

Pierluigi Paganini March 23, 2013

T-Mobile MITM, a starting point to discuss mobile security

Many times we discussed about large diffusion of mobile devices and of related cyber threats, around a months ago I presented the case of HTC mobile that revealed 18 million devices commercialized by Taiwanese company had security flaws that could exposes users to serious risks, in particular the bugs could allow the theft of information […]

Pierluigi Paganini September 24, 2012

To be or not to be… This is Authentication

Article published on The Malta Indipendent Ron Kelson, Pierluigi Paganini, Fabian Martin, David Pace, Benjamin Gittins We use the Internet on a daily basis to access numerous services available on the web, most of which require a process of identification and validation of a user’s identity, a process commonly defined as Authentication. As Wikipedia states, the […]

Pierluigi Paganini February 16, 2012

Banking sector under attack, are we ready to the challenge?

Where can I find money? At the bank of course, this is the thought which underlies dell’orietamento of cyber crime that seems to have targeted the banking industry and its services. The event is not new but the intensification of efforts in this area is troubling . The banking sector is considered a strategic sector […]

MITM

Apple restores certificate validation checks mysteriously missed

WhatsApp lack enforcing certificate pinning, users exposed to MITM

Cybercriminals target mobile applications with fake SSL Certificates

CERT POLSKA detected large-scale DNS hacking on home routers

French Government ANSSI responsible of a MITM against Google SSL-TLS

Apple iMessage vulnerable to MITM attack

Iranian Gmail accounts targeted by state-sponsored attack

T-Mobile MITM, a starting point to discuss mobile security

To be or not to be… This is Authentication

Banking sector under attack, are we ready to the challenge?

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Mainline Health Systems data breach impacted over 100,000 individuals

Disrupting the operations of cryptocurrency mining botnets

Prometei botnet activity has surged since March 2025

The U.S. House banned WhatsApp on government devices due to security concerns

QUICK LINKS

MITM

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!