mitm - Tagged - Security Boulevard

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data

Richi Jennings — Wed, 27 Mar 2024 17:14:37 +0000

Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit.

The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

Richi Jennings — Wed, 20 Dec 2023 16:45:32 +0000

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches.

The post SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec appeared first on Security Boulevard.

Digital Certificates Riddled With Security Weaknesses

Michael Vizard — Tue, 01 Aug 2023 19:32:28 +0000

A study published today found 79% of certificates on the internet are vulnerable to man-in-the-middle (MitM) attacks, with as many as 10% expired or self-signed (15%) in a way that is considered insecure. The study, conducted by Enterprise Management Associates on behalf of AppViewX, a provider of automated machine identity management (MIM) and application infrastructure..

The post Digital Certificates Riddled With Security Weaknesses appeared first on Security Boulevard.

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers

Richi Jennings — Wed, 24 May 2023 17:21:10 +0000

Or, at least, OLDER phones: SPI/TEE MITM FAIL

The post ‘BrutePrint’ Unlocks Android Phones — Chinese Researchers appeared first on Security Boulevard.

Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again

Richi Jennings — Mon, 07 Dec 2020 19:41:08 +0000

The Kazakh government is forcing its citizens to install a spyware root certificate, allowing authorities to crack open TLS traffic, such as HTTPS.

The post Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again appeared first on Security Boulevard.

Detecting GnuTLS CVE-2020-13777 using Zeek

Johanna Amann — Thu, 11 Jun 2020 17:02:58 +0000

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets attackers either completely decrypt observed traffic (for TLS versions up to 1.2), or perform a man-in-the-middle (MITM) attack...Read more »

The post Detecting GnuTLS CVE-2020-13777 using Zeek appeared first on Security Boulevard.

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor

David Bisson — Tue, 14 May 2019 10:54:44 +0000

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using “AsusWSPanel.exe,” a legitimate process which belongs to the Windows client for the cloud-based storage service ASUS […]… Read More

The post Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor appeared first on The State of Security.

The post Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor appeared first on Security Boulevard.

Your Lenovo Watch X Is Watching You & Sharing What It Learns

David Sopas — Mon, 11 Feb 2019 22:54:21 +0000

A friend of mine offered me a Lenovo Watch X – which costs around €60 – in return for helping him with a security project. I was impressed with the design and the quality of the watch. Of course, I also immediately wanted to test its security. Lenovo Watch X Security Research Summary I think

10 Tips to Take Control of Your Public Wi-Fi Security

Guy Cohen — Wed, 17 Oct 2018 11:00:53 +0000

The amazing ability to surf from anywhere sometimes distracts us from a very basic fact: the information may flow to us – but it can flow from us, in other, undesirable directions.So whether you are on your way to a vacation in a city that offers public Wi-Fi or you live in a city that

A week in security (July 9 – July 15)

Malwarebytes Labs — Mon, 16 Jul 2018 15:00:01 +0000

A roundup of the security news from July 9 - July 15, including sextortion, Spectre, cryptomining, mobile malware, ICO scams and more.

Categories:

Tags: ad blockers android malware crypto mining data breach domestic abuse facebook ico fraud mitm multi-factor authentication prime day 2018 Spectre Threat Intel

(Read more...)

The post A week in security (July 9 – July 15) appeared first on Malwarebytes Labs.

The post A week in security (July 9 – July 15) appeared first on Security Boulevard.