man-in-the-middle

Pierluigi Paganini April 13, 2017
Tens of thousands of compromised routers abused in WordPress attacks

Hackers exploited the CVE-2014-9222 flaw, also known as ‘Misfortune Cookie’, to hack thousands of home routers and abuse them for WordPress attacks. According to the experts at the security firm Wordfence tens of thousands, of home routers have been hacked and used to power cyber attacks on WordPress websites. The security firm observed a spike in […]

Pierluigi Paganini December 03, 2016
50 Million installations potentially impacted by AirDroid issues

At least 10 million Android users are exposed to cyber attacks due to multiple vulnerabilities affecting the popular AirDroid app. According to experts from the firm Zimperium, multiple vulnerabilities in the Android remote management tool AirDroid could expose more than 50 million devices The flaws could be exploited to abuse built-in features and use them against […]

Pierluigi Paganini September 18, 2016
Mozilla will fix the cross-platform RCE flaw that threatened Tor anonymity

Mozilla plans to fix the cross-platform RCE flaw that threatened Tor anonymity. The flaw affects certificate pinning protections implemented by Mozilla. Mozilla plans to release a Firefox update to address the cross-platform remote code-execution vulnerability recently patched in the Tor browser. The tor is inviting its users to install the security update urgently, and Mozilla follows close […]

Pierluigi Paganini September 09, 2016
Chrome will mark HTTP connections to websites as non-secure from January 2017

From January 2017, Chrome will indicate connection security with an icon in the address bar labeling HTTP connections to sites as non-secure. Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS […]

Pierluigi Paganini May 31, 2016
CVE-2016-2107 OpenSSL Flaw still affects many Alexa Top Sites

According to the security firm High-Tech Bridge many of the Alexa Top 10,000 websites are still vulnerable to the OpenSSL flaw CVE-2016-2107. The CVE-2016-2107 flaw affecting the open-source cryptographic library could be exploited to launch a man-in-the-middle attack leveraging on the ‘Padding Oracle Attack’ that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI. According […]

Pierluigi Paganini May 05, 2016
A High-Severity flaw in OpenSSL allows the HTTPS Traffic decryption

OpenSSL has the patches for six flaws including two high-severity bugs that could allow attackers to decrypt HTTPS traffic and execute malicious code on the server. OpenSSL just released several patches to fix vulnerabilities in the open-source cryptographic library, including a couple of high-severity flaws (CVE-2016-2107, CVE-2016-2108) that could be exploited to decrypt HTTPS Traffic. The CVE-2016-2107 could […]

Pierluigi Paganini April 01, 2016
SideStepper method allows to infect iOS devices via MDM Solutions

SideStepper is a method to install malicious apps on iOS devices by abusing the mobile device management (MDM) solutions. Security researchers from the Check Point firm have devised a method to install a malicious code on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises. The technique relies on a vulnerability dubbed by […]

Pierluigi Paganini February 01, 2016
JSPatch hot patching technique puts iOS users at risk

Security experts at FireEye are warning attackers can exploit the JSPatch hot patching technique to serve malicious code and put iOS users at risk The release of hot patches for apps already deployed in the official App Store is a time-consuming procedure that results frustrating for developers. Apple is aware of this drawback, for this reason […]

Pierluigi Paganini January 07, 2016
Unpatched Drupal flaws open websites to attacks

IOActive has uncovered a number of serious vulnerabilities affecting the Drupal CMS that could be exploited to completely takeover the vulnerable websites. A new vulnerability affecting Drupal could be exploited for code execution and database credentials theft (by Man-in-the-Middle), according to Fernando Arnaboldi, a senior security consultant working in IOActive. Fernando Arnaboldi says that the […]

Pierluigi Paganini December 21, 2015
iOS Mobile Banking Apps, what is changed from 2013 tests?

The security expert Ariel Sanchez presented the results of the test conducted on 40 iOS banking apps, comparing them to the ones obtained 2 years ago. The banking industry is looking with an increasing interest in mobile platform, financial institutes are offering a growing number of services accessible through mobile devices, but what about security? The security […]