-
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.
- October 31, 2024
- 11:11 AM
1
-
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to breaks the SSH channel integrity when certain widely-used encryption modes are used.
- December 19, 2023
- 12:03 PM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
New BLUFFS attack lets attackers hijack Bluetooth connections
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks.
- November 28, 2023
- 04:58 PM
- 0
-
AI algorithm detects MitM attacks on unmanned military vehicles
Professors at the University of South Australia and Charles Sturt University have developed an algorithm to detect and intercept man-in-the-middle (MitM) attacks on unmanned military robots.
- October 14, 2023
- 11:14 AM
- 2
-
GIGABYTE releases new firmware to fix recently disclosed security flaws
GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware.
- June 05, 2023
- 11:09 AM
- 5
-
Critical RCE bugs in Android remote keyboard apps with 2M installs
Three Android applications that allow users to use devices as remote keyboards for their computers have critical vulnerabilities that could expose key presses and enable remote code execution.
- November 30, 2022
- 06:14 PM
- 0
-
RTLS systems vulnerable to MiTM attacks, location manipulation
Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data.
- August 16, 2022
- 04:10 PM
- 0
-
Devious phishing method bypasses MFA using remote access software
A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC.
- February 22, 2022
- 04:57 PM
- 2
-
Smartwatches for children are a privacy and security nightmare
Researchers analyzed the security of four popular smartwatches for children and found pre-installed downloaders, weak passwords, and unencrypted data transmissions.
- November 30, 2021
- 01:55 PM
- 0
-
Netgear fixes dangerous code execution bug in multiple routers
Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers.
- September 21, 2021
- 11:24 AM
- 0
-
All Kubernetes versions affected by unpatched MiTM vulnerability
The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.
- December 08, 2020
- 09:20 AM
- 0
-
Google Chrome to Block Mixed Content Downloads, Prevents MiTM Attacks
Google is moving forward with its plan to block mixed content downloads from web sites to protect users from man-in-the-middle attacks.
- February 06, 2020
- 03:08 PM
- 1
-
FortiGuard Used Hardcoded Key, XOR to Encrypt Communications
Security researchers found that multiple security products from Fortinet use weak encryption and static keys to communicate with FortiGuard services in the cloud, such as AntiSpam, AntiVirus, and Web Filter.
- November 25, 2019
- 01:01 PM
- 0
-
500+ Million UC Browser Android Users Exposed to MiTM Attacks. Again.
The highly popular UC Browser and UC Browser Mini Android apps, with a total of over 600 million Play Store installs, exposed their users to MiTM attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.
- October 17, 2019
- 05:17 PM
- 0
-
Trivial Bugs in Western Digital SSD Utility Puts Owners at Risk
Security researchers have released details about two vulnerabilities in Western Digital and SanDisk SSD Dashboard applications that could be exploited to trick users into running arbitrary code on their computers.
- July 31, 2019
- 08:01 AM
- 0
-
'Sea Turtle' Campaign Focuses on DNS Hijacking to Compromise Targets
For at least two years, a highly capable threat actor has been running a campaign that relied on DNS hijacking to reach their targets. In the operation, at least 40 public and private organizations in 13 countries have been compromised.
- April 18, 2019
- 03:32 AM
- 0
-
Xiaomi Pre-Installed Security App Vulnerable to MiTM Attacks
A vulnerability exposing users to Man-in-the-Middle (MiTM) attacks was patched by Xiaomi in the pre-installed security app Guard Provider after a disclosure report from Check Point Research.
- April 04, 2019
- 01:28 PM
- 0
-
UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks
The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers altogether.
- March 26, 2019
- 02:12 PM
- 1
-
Firefox 65 to Show Certificates Used in Man-in-the-Middle SSL Attacks
In Firefox 61, Mozilla added a new error message called "MOZILLA_PKIX_ERROR_MITM_DETECTED" that warns a user that a program is attempting to perform a man-in-the-middle SSL attack. In Firefox 65, Mozilla has revised the accompanying info to explain that software, such as an antivirus program, could be the cause of this error.
- January 10, 2019
- 11:31 AM
- 0
-
Sennheiser Headset Software Could Allow Man-in-the-Middle SSL Attacks
When users have been installing Sennheiser's HeadSetup software, little did they know that they were also installing a root certificate into the Trusted Root CA Certificate store. To make matters worse, the software was also installing an encrypted version of the certificate's private key that was not as secure as they thought.
- November 28, 2018
- 12:27 AM
- 1
- 1
- 2
