Pierluigi Paganini July 28, 2014
Instagram Adroid App affected by account session Hijacking flaw

A security researcher disclosed a serious issue on Instagram’s Android Application which could be exploited by an attacker to impersonate a victim. A security issue related to Instagram Mobile App for Android expose the users’ account to serious risks of data breach. A security researcher discovered that the Instagram Mobile App is affected by a Hijacking vulnerability which could be […]

Pierluigi Paganini July 21, 2014
Siemens industrial products affected by OpenSSL vulnerabilities

The ICS-CERT has issued a security advisory related to the existence of OpenSSL vulnerabilities affecting different Siemens industrial products. Several Siemens industrial products are affected by four vulnerabilities in their OpenSSL implementation which could be remotely exploited to run a man-in-the-middle (MitM) attack or to cause the crash of web servers of the products. Critical infrastructure […]

Pierluigi Paganini July 12, 2014
Gmail App for iOS vulnerable to Man-in-the-Middle Attacks

Security experts at Lacoon discovered a vulnerability in the Gmail iOS app which enables a bad actor to perform a Man-in-the-Middle. Google Gmail application for iOS is exposed to risks of  Man-in-the-Middle (MitM) attacks which allow bad actors to monitor encrypted email communications. An expert at mobile security firm Lacoon has discovered that version of Gmail […]

Pierluigi Paganini June 19, 2014
LinkedIn vulnerable to MITM attack that leverages an SSL stripping could expose users data at risk

Security experts at Zimperium firm revealed that LinkedIn users could be potentially vulnerable to Man-in-the-Middle attacks leveraging an SSL stripping. A new research is scaring users of LinkedIn revealing that they could be potentially vulnerable to Man-in-the-Middle (MITM) attacks leveraging an SSL stripping. Despite the US security firm Zimperium reported the problem to LinkedIn more than a […]

Pierluigi Paganini June 17, 2014
Dyreza banking Trojan uses browser hooking to defeat SSL

Security experts at CSIS in Denmark have discovered a new piece of banking malware, dubbed Dyreza, which implements browser hooking to defeat SSL. Dyreza is the name of a new banking Trojan which is targeting numerous financial institutions, including Bank of America, Citibank, Natwest, RBS and Ulsterbank. Dyreza captured the attention of security researchers due the technique it […]

Pierluigi Paganini May 13, 2014
Who and how is using forged SSL certificates worldwide?

Who is abusing of forged SSL certificates in MITM attacks worldwide? A team of researchers implemented a new detection technique to detect the abuses. A team of researchers at Carnegie Mellon University and engineers at Facebook have designed a detection technique for man-in-the-middle attacks over SSL on a large-scale. They analyzed the data extracting useful information, including the […]

Pierluigi Paganini April 14, 2014
How many mobile Users could be affected by Heartbleed flaw?

Heartbleed is the security flaw that is scaring IT industry, which is its impact on the mobile worlds? How many Smartphone Users could be affected? Heartbleed flaw is the argument that most of all is capturing the attention of the media in this period,  billions of users worldwide have been impacted, there are thousands solutions affected […]

Pierluigi Paganini March 26, 2014
How to rob ATMs with a couple of SMS messages

Symantec experts demonstrated how to rob ATMs using a mobile device and sending a couple of SMS. Cybercriminals are increasing sophistication of attacks. What will happen after that Microsoft will stop supporting the Windows XP operating system on 8th April? The question was approached by numerous security experts on different media. The impact could be […]

Pierluigi Paganini March 12, 2014
Abusing Facebook Access Token with Man-in-the-Middle Attack

The Egyptian penetration tester Ahmed Elsobky discovered a serious flaw that allows attackers to sniff user’s traffic including access token. Facebook is vulnerable to Man-in-the-Middle Attack, The Egyptian penetration tester Ahmed Elsobky discovered a serious flaw that allows attackers to sniff user’s traffic including private information. “We’d actually received an earlier report from another researcher regarding this […]

Pierluigi Paganini March 05, 2014
GnuTLS flaw in certificate verification exposes Linux world to attacks

A serious flaw in the certificate verification process of GnuTLS exposes Linux distros, apps to attack. Another flaw exploitable for surveillance purposes. GnuTLS is an open source secure communications library implementing the SSL, TLS and DTLS protocols, it is used in hundreds of software packages including Red Hat desktop,  all Debian and Ubuntu Linux distributions and many […]