MITM

Pierluigi Paganini March 09, 2017
Researchers discovered severe flaws in the Confide which is also used by White House staffers

Confide App, the secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide is the secure messaging app used by President Donald Trump’s staffers for their secret communication. The official website of the application defines the encryption implemented by the mobile application […]

Pierluigi Paganini February 28, 2017
A flaw in ESET Endpoint Antivirus allows to hack Apple Macs, patch it now

A flaw in ESET Endpoint Antivirus is exploitable to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. According to the security advisory published by Google Security Team’s Jason Geffner and Jan Bee on Seclists, it is possible to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. The attackers […]

Pierluigi Paganini February 07, 2017
76 Popular iOS apps are vulnerable to man-in-the-middle (MITM) attacks

A study conducted on iOS mobile apps revealed that many of them are affected by security vulnerabilities that expose users to man-in-the-middle (MitM) attacks. A new study confirms that dozens of iOS apps are affected by vulnerabilities that could be exploited by hackers to run man-in-the-middle (MitM) and intercept data from connections even if protected by TLS. […]

Pierluigi Paganini January 24, 2017
Browser User Interface Security Threats

Google Chrome users beware, hackers are behind you.  Users may be tricked into downloading malware masquerading as a fix for corrupted fonts. Google Chrome users beware.  Users may be tricked into downloading malware masquerading as a fix for corrupted fonts. Hackers have been breaking into insecure websites and inserting JavaScript that waits for Chrome browsers […]

Pierluigi Paganini November 02, 2016
Stealth Cell Tower, how to spy on workers with a harmless printer

Stealth Cell Tower, it is an antagonistic GSM base station concealed in an office printer that could be used for surveillance purposes. Are you angry with your boss or your colleagues? Do you want to spy on them? The engineer Julian Oliver has demonstrated how to do it with a tiny cellphone base station concealed in […]

Pierluigi Paganini July 14, 2016
Millions of Xiaomi Smartphone vulnerable to remote hacking

Millions of Xiaomi smartphone are affected by a critical remote code execution flaw that could be exploited by hackers to take over the mobile devices. Millions of Xiaomi mobile are vulnerable to remote hacking due to a critical remote code execution (RCE) vulnerability that could be exploited by hackers to take over the mobile devices. The […]

Pierluigi Paganini June 02, 2016
Lenovo Accelerator Application contains a bug that allows remote hack of your PC

A study of Duo Security revealed that Lenovo Accelerator Application support tool contains a high-risk flaw that allows remote code execution. Once again bad news for Lenovo users, the company is informing them that the Lenovo Accelerator Application contains a high-risk vulnerability that could be exploited by hackers to remotely execute code on the machine and […]

Pierluigi Paganini May 29, 2016
Why surveillance firm Blue Coat was granted a powerful encryption certificate?

Experts discovered that the Controversial Surveillance firm Blue Coat was granted a powerful encryption certificate that can be used for web monitoring. Once again we are here speaking about surveillance, security experts have discovered that the controversial firm Blue Coat Systems was granted  powerful encryption digital certificates. Blue Coat sells web-monitoring software, its surveillance appliances were […]

Pierluigi Paganini May 26, 2016
US-CERT: Leaked WPAD queries could expose corporate to MitM attacks

Leaked WPAD queries could result in domain name collisions with internal network naming schemes exposing corporate to MITM attacks. The U.S. Computer Emergency Readiness Team(US-CERT) issued the Alert (TA16-144A) to warn of leaked WPAD queries could result in domain name collisions with internal network naming schemes. The WPAD queries are intended for resolution on private or enterprise DNS […]

Pierluigi Paganini December 04, 2015
Kazakhstan – Telco Company Kazakhtelecom will order their costumers to install rogue certificates

The Government of the Kazakhstan makes it mandatory for its citizens to install rogue security certificates to monitor them online. The Government of the Kazakhstan plans to implement a new internet control policy for all the population starting from January 1st 2016, and to accomplish that will order the population to install some rogue security […]