man-in-the-middle

Pierluigi Paganini December 10, 2014
POODLE SSL flaw is threatening also TLS Security Protocol

Researchers at Qualys revealed that POODLE is likely to hit some of the most popular websites because the flaw also affects implementations of newer TLS. POODLE (Padding Oracle On Downgraded Legacy Encryption) is a critical vulnerability affecting SSL that was discovered in October 2014. The researchers at Google that discovered it, explained that the POODLE flaw is related […]

Pierluigi Paganini October 31, 2014
ASUS Wireless Routers RT Series updates vulnerable to a Man in the Middle attack

The security expert David Longenecker discovered that the update process for ASUS Wireless Routers RT Series is vulnerable to Man-in-the-Middle attacks.  The security expert David Longenecker discovered that ASUS Wireless Routers RT Series are vulnerable to Man-in-the-Middle attacks. The researcher explained that that the routers download updates via HTTP without an encryption protocols as explained in the blog post by Longenecker. […]

Pierluigi Paganini October 21, 2014
100 million iCloud users spied by the Chinese Government

A report confirms that China is collecting private data of more that 100 million Apple iCloud users resident in the country with a man-in-the-middle attack. The Chinese Government has launched a new hacking campaign that is targeting Apple iCloud users in the country, the news was reported by the censorship watchdog GreatFire.org is a blog post. […]

Pierluigi Paganini October 15, 2014
Millions Android Cyanogenmod users exposed to MitM attacks due to Code re-use

Researcher explains that vulnerable code re-use of zero-day in Android’s CyanogenMod exposes million users to Man-In-The-Middle attacks. Security experts always discourage jailbreaking and rooting of mobile devices due to the risk related to the installation of not authorized applications that could hide malware and serious bugs. At the Ruxcon Security Conference in Australia, an unnamed security […]

Pierluigi Paganini October 15, 2014
POODLE attack on SSL menaces Internet, it’s time to disable it by default

The POODLE against SSL 3.0. A new attack on SSL is threatening the Internet again, it allows bad actors to decrypt traffic over secure channels. Another critical flaw affects one of the protocols most used to secure Internet traffic, Secure Sockets Layer (SSL) and attacker could exploit the attack dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption) to run a […]

Pierluigi Paganini September 22, 2014
Windseeker spyware app implements advanced injection and hooking techniques

Security experts at Lacoon Mobile Security detected a malicious app dubbed Windseeker which uses rare injection and hooking techniques to spy on users. Windseeker is a malicious Android app which attracted experts at Lacoon Mobile Security, the principal characteristics of the app are its injection and hooking techniques used to spy on mobile users. The techniques are rare […]

Pierluigi Paganini September 18, 2014
Surveillance – How to secretly track cellphone users position around the globe

Using the proper surveillance systems available on the market it is easy and quick to track cellphone and the movements of targets everywhere on the globe. We recently discussed the decision of Wikileaks to publish copies of the criticized surveillance software FinFisher, highlighting the dangers for the militarization of the cyberspace and in particular for […]

Pierluigi Paganini August 27, 2014
A Wide Open Backdoor is present in million Netis Routers

Routers manufactured by Netcore and sold worldwide under Netis brand have a wide-open backdoor that can be fairly easily exploited by threat actors. Experts at TrendMicro discovered that routers manufactured by Chinese security vendor and sold under the brand name Netcore in China have a hard-coded password. The hard-coded password allows attackers to access user’s traffic with a backdoor, […]

Pierluigi Paganini August 03, 2014
Sophisticated Phishing is targeting French-Speaking banking users

A very sophisticated phishing campaign has been discovered by Malcovery Security, it targets French-speaking computer users to steal banking credentials. Phishing is a very prolific business for cybercrime, bad actors are adopting even more sophisticated techniques like the one discovered recently which hit French-speaking computer users, in an attempt to steal their online banking credentials. The […]

Pierluigi Paganini July 30, 2014
Serious security issues affect 14 of 17 major antivirus engines

Joxean Koret, a security researcher at Singapore-based consultancy COSEINC, has publicly revealed a series of flaws which affect major antivirus engines. The security researcher at Singapore-based consultancy COSEINC, Joxean Koret, has discovered different flaws in 14 of 17 major antivirus engines. The researcher has presented the results of his study (PDF) at the recent SyScan 360 security conference in […]