HackDig : Dig high-quality web security articles

ISaPWN – research on the security of ISaGRAF Runtime

In early 2020, we notified the Rockwell Automation Product Security Incident Response Team (RA PSIRT) of several vulnerabilities we had identified in the ISaGRAF Runtime execution environment. According to public sources of information, ISaGRAF Runtime is used as an automation framework in multiple products in various industries across the globe and its use
Publish At:2022-05-23 10:14 | Read:544 | Comments:0 | Tags:Research Controllers Encryption Firmware Industrial control

Unfixed vulnerability in popular library puts IoT products at risk

Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The library is known to be used by major vendors such as Linksys, Netgear, and Axis, but also by Linux distributions such as Embedded Gentoo. Because the library maintainer was unable t
Publish At:2022-05-04 12:48 | Read:1257 | Comments:0 | Tags:Exploits and vulnerabilities dns poisoning IoT library mitm

Intercepting 2FA: Over 1200 man-in-the-middle phishing toolkits detected

Two-factor authentication (2FA) has been around for a while now and for the majority of tech users in the US and UK, it has became a security staple. Indeed, wake up calls brought about by data breaches have stirred others out of their comfort zones into finally adopting 2FA and making it part of their online lives. But online criminals—quick as they are
Publish At:2022-01-06 12:45 | Read:1716 | Comments:0 | Tags:Reports 2fa Catching Transparent Phish evilginx Man in the M

Chrome casts away the padlock—is it good riddance or farewell?

It’s been an interesting journey for security messaging where browsers are concerned. Back in the day, many of the websites you’d visit on a daily basis weren’t secure. By secure, I mean that they didn’t use HTTPS. There was no padlock, which meant that the traffic between you and the website wasn’t encrypted, and so it was vulnerable to being sn
Publish At:2021-08-04 10:57 | Read:2245 | Comments:0 | Tags:Privacy blog blogspot browser chrome encrypted Google http H

French intel found flaws in Bluetooth Core and Mesh specs

Attackers could exploit a set of Bluetooth vulnerabilities, affecting the Core and Mesh Profile specifications, to conduct man-in-the-middle (MitM) attacks. Researchers at the french intelligence agency ANSSI discovered multiple flaws in the Bluetooth Core and Mesh Profile specifications that could be used to impersonate legitimate devices durin
Publish At:2021-05-24 20:33 | Read:2046 | Comments:0 | Tags:Breaking News Hacking Bluetooth Cybersecurity cybersecurity

Tor and anonymous browsing – just how safe is it?

byPaul DucklinAn article published on the open-to-allcomers blogging site Medium earlier this week has made for some scary headlines.Written as an independent research piece by an author going only by nusenu, the story is headlined:How Malicious Tor Relays are Exploiting Users in 2020 (Part I)[More than] 23% of the Tor network’s exit capacity has been attack
Publish At:2020-08-13 13:53 | Read:2840 | Comments:0 | Tags:Privacy bitcoin Exit node MITM Scam snooping surveillance To

Bugs in Avast AntiTrack expose users to hack

A flaw in the impacting Avast and AVG AntiTrack privacy software could expose users to browser hijacking and Man-in-The-Middle (MiTM) attacks. Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with c
Publish At:2020-03-11 09:24 | Read:2740 | Comments:0 | Tags:Breaking News Hacking Avast AntiTrack AVG hacking news infor

Schubser and his cookie dealing friend

I actually forgot to post this in February, so I’m a little late but the topic is as current as it was back then. One week in February my colleague, Jan Girlich and me took some time to review our tools and make three of them available on github. Jan wrote a Proof of Concept (PoC) Android app that allows exploiting Java object deserialization vulnerabi
Publish At:2019-09-19 18:20 | Read:2974 | Comments:0 | Tags:Coding Android deserialisation Firesheep Java MITM mod0cooki

Detecting KRACK Man in the Middle Attacks

What is KRACK? KRACK (Key Reinstallation attaCKs, KRACKs) is a serious weakness in the WPA2 protocol. WPA2 secures all modern protected Wi-Fi networks including those used by smartphones. Attackers within physical range of a Wi-Fi network can exploit protocol weaknesses by using key reinstallation attacks. The attack works against all modern protected Wi-Fi
Publish At:2017-10-21 13:50 | Read:9269 | Comments:0 | Tags:Mobile security Mobile Threat Defense Threat Research KRACK

Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack

Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new remote attack, even without any user interaction and pairing. The unique condition for BlueBorne attacks is that targeted devices must have Bluetooth enabled. The new attack technique, dubbed BlueBorne, was devised by experts with Armis Labs. Researchers have discovered a
Publish At:2017-09-13 09:25 | Read:7037 | Comments:0 | Tags:Breaking News Hacking Mobile BlueBorne attack Bluetooth hack

Perl devs fix an important flaw in DBD—MySQL that affects encryption between client and server

Perl development team solved a flaw in DBD—MySQL in some configurations that wasn’t enforcing encryption allowing an attacker to power MiTM attacks. The security researcher Pali Rohár reported an important flaw in DBD—MySQL, tracked as CVE-2017-10789, that affects only encryption between client and server. According to the expert, the issue in some con
Publish At:2017-07-07 02:35 | Read:5520 | Comments:0 | Tags:Breaking News Hacking DBD—MySQL MITM MySQL Riddle vulnerabil

Security vulnerabilities in Hyundai Blue Link mobile app allowed hackers to steal vehicles

Security vulnerabilities in the Hyundai Blue Link mobile apps allowed hackers to steal vehicles, the car maker fixed them. Security vulnerabilities in the Hyundai Blue Link mobile apps could be exploited by hackers to locate, unlock and start vehicles of the carmaker. The Blue Link application is available for both iOS and Android mobile OSs, it was develope
Publish At:2017-04-27 02:15 | Read:7767 | Comments:0 | Tags:Breaking News Hacking Car hacking Hyundai Blue Link MITM mob

Researchers discovered severe flaws in the Confide which is also used by White House staffers

Confide App, the secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide is the secure messaging app used by President Donald Trump’s staffers for their secret communication. The official website of the application defines the encryption implemented by the mobile application with t
Publish At:2017-03-09 18:50 | Read:5611 | Comments:0 | Tags:Breaking News Digital ID Hacking Mobile Confide app evesdrop

A flaw in ESET Endpoint Antivirus allows to hack Apple Macs, patch it now

A flaw in ESET Endpoint Antivirus is exploitable to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. According to the security advisory published by Google Security Team’s Jason Geffner and Jan Bee on Seclists, it is possible to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. The
Publish At:2017-02-28 06:45 | Read:7000 | Comments:0 | Tags:Breaking News Hacking CVE-2016-0718 ESET Endpoint Antivirus

76 Popular iOS apps are vulnerable to man-in-the-middle (MITM) attacks

A study conducted on iOS mobile apps revealed that many of them are affected by security vulnerabilities that expose users to man-in-the-middle (MitM) attacks. A new study confirms that dozens of iOS apps are affected by vulnerabilities that could be exploited by hackers to run man-in-the-middle (MitM) and intercept data from connections even if protected by
Publish At:2017-02-07 12:35 | Read:6267 | Comments:0 | Tags:Breaking News Hacking Mobile eavesdropping iOS MITM mobile a


Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud