HackDig : Dig high-quality web security articles

Chrome casts away the padlock—is it good riddance or farewell?

It’s been an interesting journey for security messaging where browsers are concerned. Back in the day, many of the websites you’d visit on a daily basis weren’t secure. By secure, I mean that they didn’t use HTTPS. There was no padlock, which meant that the traffic between you and the website wasn’t encrypted, and so it was vulnerable to being sn
Publish At:2021-08-04 10:57 | Read:632 | Comments:0 | Tags:Privacy blog blogspot browser chrome encrypted Google http H

French intel found flaws in Bluetooth Core and Mesh specs

Attackers could exploit a set of Bluetooth vulnerabilities, affecting the Core and Mesh Profile specifications, to conduct man-in-the-middle (MitM) attacks. Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices durin
Publish At:2021-05-24 20:33 | Read:735 | Comments:0 | Tags:Breaking News Hacking Bluetooth Cybersecurity cybersecurity

Tor and anonymous browsing – just how safe is it?

byPaul DucklinAn article published on the open-to-allcomers blogging site Medium earlier this week has made for some scary headlines.Written as an independent research piece by an author going only by nusenu, the story is headlined:How Malicious Tor Relays are Exploiting Users in 2020 (Part I)[More than] 23% of the Tor network’s exit capacity has been attack
Publish At:2020-08-13 13:53 | Read:1617 | Comments:0 | Tags:Privacy bitcoin Exit node MITM Scam snooping surveillance To

Bugs in Avast AntiTrack expose users to hack

A flaw in the impacting Avast and AVG AntiTrack privacy software could expose users to browser hijacking and Man-in-The-Middle (MiTM) attacks. Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with c
Publish At:2020-03-11 09:24 | Read:1804 | Comments:0 | Tags:Breaking News Hacking Avast AntiTrack AVG hacking news infor

Schubser and his cookie dealing friend

I actually forgot to post this in February, so I’m a little late but the topic is as current as it was back then. One week in February my colleague, Jan Girlich and me took some time to review our tools and make three of them available on github. Jan wrote a Proof of Concept (PoC) Android app that allows exploiting Java object deserialization vulnerabi
Publish At:2019-09-19 18:20 | Read:2038 | Comments:0 | Tags:Coding Android deserialisation Firesheep Java MITM mod0cooki

Detecting KRACK Man in the Middle Attacks

What is KRACK? KRACK (Key Reinstallation attaCKs, KRACKs) is a serious weakness in the WPA2 protocol. WPA2 secures all modern protected Wi-Fi networks including those used by smartphones. Attackers within physical range of a Wi-Fi network can exploit protocol weaknesses by using key reinstallation attacks. The attack works against all modern protected Wi-Fi
Publish At:2017-10-21 13:50 | Read:7947 | Comments:0 | Tags:Mobile security Mobile Threat Defense Threat Research KRACK

Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack

Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new remote attack, even without any user interaction and pairing. The unique condition for BlueBorne attacks is that targeted devices must have Bluetooth enabled. The new attack technique, dubbed BlueBorne, was devised by experts with Armis Labs. Researchers have discovered a
Publish At:2017-09-13 09:25 | Read:5321 | Comments:0 | Tags:Breaking News Hacking Mobile BlueBorne attack Bluetooth hack

Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

Perl development team solved a flaw in DBD—MySQL in some configurations that wasn’t enforcing encryption allowing an attacker to power MiTM attacks. The security researcher Pali Rohár reported an important flaw in DBD—MySQL, tracked as CVE-2017-10789, that affects only encryption between client and server. According to the expert, the issue in some con
Publish At:2017-07-07 02:35 | Read:4596 | Comments:0 | Tags:Breaking News Hacking DBD—MySQL MITM MySQL Riddle vulnerabil

Security vulnerabilities in Hyundai Blue Link mobile app allowed hackers to steal vehicles

Security vulnerabilities in the Hyundai Blue Link mobile apps allowed hackers to steal vehicles, the car maker fixed them. Security vulnerabilities in the Hyundai Blue Link mobile apps could be exploited by hackers to locate, unlock and start vehicles of the carmaker. The Blue Link application is available for both iOS and Android mobile OSs, it was develope
Publish At:2017-04-27 02:15 | Read:6233 | Comments:0 | Tags:Breaking News Hacking Car hacking Hyundai Blue Link MITM mob

Researchers discovered severe flaws in the Confide which is also used by White House staffers

Confide App, the secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide is the secure messaging app used by President Donald Trump’s staffers for their secret communication. The official website of the application defines the encryption implemented by the mobile application with t
Publish At:2017-03-09 18:50 | Read:4818 | Comments:0 | Tags:Breaking News Digital ID Hacking Mobile Confide app evesdrop

A flaw in ESET Endpoint Antivirus allows to hack Apple Macs, patch it now

A flaw in ESET Endpoint Antivirus is exploitable to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. According to the security advisory published by Google Security Team’s Jason Geffner and Jan Bee on Seclists, it is possible to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. The
Publish At:2017-02-28 06:45 | Read:6012 | Comments:0 | Tags:Breaking News Hacking CVE-2016-0718 ESET Endpoint Antivirus

76 Popular iOS apps are vulnerable to man-in-the-middle (MITM) attacks

A study conducted on iOS mobile apps revealed that many of them are affected by security vulnerabilities that expose users to man-in-the-middle (MitM) attacks. A new study confirms that dozens of iOS apps are affected by vulnerabilities that could be exploited by hackers to run man-in-the-middle (MitM) and intercept data from connections even if protected by
Publish At:2017-02-07 12:35 | Read:5313 | Comments:0 | Tags:Breaking News Hacking Mobile eavesdropping iOS MITM mobile a

Browser User Interface Security Threats

Google Chrome users beware, hackers are behind you.  Users may be tricked into downloading malware masquerading as a fix for corrupted fonts. Google Chrome users beware.  Users may be tricked into downloading malware masquerading as a fix for corrupted fonts. Hackers have been breaking into insecure websites and inserting JavaScript that waits for Chrome bro
Publish At:2017-01-24 17:00 | Read:5588 | Comments:0 | Tags:Breaking News Hacking Google Chrome MITB MITM privacy

BSidesSF Preview: DNS Attacks, A History and Overview

In modern times, it is possible for an attacker to persistently and repeatedly hijack a victim’s bank account at most major US banks through the victim visiting a web page. This is done without browser exploits or any visible warning. For a criminal, these attacks are cheap and highly successful.The attack that I am talking about is DNS hijacking. DNS
Publish At:2017-01-19 06:10 | Read:5673 | Comments:0 | Tags:Events Featured Articles BsidesSF DNS Hijacking MITM

Is Quantum Networking The End of Man-in-the-Middle Attacks?

Research on quantum networking is well under way.In April 2012, Gerhard Rempe and other researchers at the Max Planck Institute of Quantum Optics in Germany announced their first working quantum network to the world.Then, just this year, Wolfgang Tittel and his researchers at the University of Calgary transported a light particle’s properties through s
Publish At:2016-12-06 01:05 | Read:6128 | Comments:0 | Tags:Cyber Security Featured Articles Information Security ISP MI

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud