mitm Archives

Hot Topics

‘Blast-RADIUS’ Critical Bug Blows Up IT Vacation Plans

Richi Jennings | July 10, 2024 | blast radius, collision-based-hashing-algorithm-disclosure, CVE-2024-3596, hash, hash algorithms, hash function, hash functions, Man In The Middle, man in the middle attack, man in the middle attacks, maninthemiddleattacks, md5 hash, men-in-the-middle attack, mitm, MitM Attack, mitm attacks, RADIUS, SB Blogwatch

MD5 MITM Muddle: Ancient, widely used protocol has CVSS 9.0 vulnerability ...

Security Boulevard

MITM, man, ransomware payments, business

Man-In-The-Middle Attacks are Still a Serious Security Threat

Kristina Rodopska | July 3, 2024 | Cloud, cyberattacks, Cybersecurity, identity, Man In The Middle, mitm, Phishing

Man-in-the-middle attacks have increased in the age of digital connectivity and remote work, forcing companies to develop strategies to mitigate them ...

Security Boulevard

Using MITM to bypass FIDO2 phishing-resistant protection

Dor Segal | May 6, 2024 | Blog, mitm, research, Silverfort Labs Research

FIDO2 is a modern authentication group term for passwordless authentication. The Fast Identity Online (FIDO) Alliance developed it to replace the use of legacy known passwords and provide a secure method to authenticate ...

Silverfort Blog - Cyber Security News

Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data

Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...

Security Boulevard

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

Richi Jennings | December 20, 2023 | Authentication, CBC, ChaCha20, chaves ssh, CVE-2023-48795, libSSH, Man In The Middle, man in the middle attack, man in the middle attacks, mitm, MitM Attack, mitm attack prevention, mitm attacks, openssh, OpenSSH protocol, SB Blogwatch, SSH, Terrapin

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches ...

Security Boulevard

Infoblox certificates Datadog Web3 DNSSEC OPSWAT web application security

Digital Certificates Riddled With Security Weaknesses

Michael Vizard | August 1, 2023 | certificates, cyberattacks, digital certificates, mitm, Network Security, TLS

A study published today found 79% of certificates on the internet are vulnerable to man-in-the-middle (MitM) attacks, with as many as 10% expired or self-signed (15%) in a way that is considered ...

Security Boulevard

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers

Or, at least, OLDER phones: SPI/TEE MITM FAIL ...

Security Boulevard

Kazakhstan Spies on its People via Man-in-the-Middle Attack, Again

Richi Jennings | December 7, 2020 | HTTPS, Kazakhstan, mitm, root certificates, SB Blogwatch, TLS

The Kazakh government is forcing its citizens to install a spyware root certificate, allowing authorities to crack open TLS traffic, such as HTTPS ...

Security Boulevard

Detecting GnuTLS CVE-2020-13777 using Zeek

Johanna Amann | June 11, 2020 | Apache, Corelight Labs, CVE-2020-13777, GnuTLS, mitm, Network Security, network security monitoring, network traffic analysis, network visibility, Open Source Community, openssl, pcap, Public Key Cryptography, TLS, TLS 1.2, TLS 1.3, Zeek

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...

Bright Ideas Blog

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor

David Bisson | May 14, 2019 | backdoor, IT Security and Data Protection, Latest Security News, mitm, Plead

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both ...

The State of Security