Blackwood APT delivers malware by hijacking legitimate software update requests
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. Blackwood has carried out cyberespionage …
Microsoft Defender can automatically contain compromised user accounts
The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of …
Popular fintech apps expose valuable, exploitable secrets
92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, …
Multiple vulnerabilities discovered in smart home devices
ESET researchers found serious security vulnerabilities in three different home hubs: Fibaro Home Center Lite, HomeMatic Central Control Unit (CCU2) and eLAN-RF-003. Some of …
AWDL flaws open Apple users to tracking, MitM, malware planting
Vulnerabilities in Apple Wireless Direct Link (AWDL), the wireless protocol that underpins Apple’s AirPlay and AirDrop services, could allow attackers to track users in …
Who’s trying to eavesdrop on your customers’ encrypted mobile traffic?
The number one source of TLS/SSL Man in the Middle (MitM) attacks on encrypted mobile traffic are not corporate firewalls or captive portals used by hotels, airports and other …
Security company Fox-IT reveals, details MitM attack they suffered in September
Dutch IT security consultancy/service provider Fox-IT has revealed on Thursday that it has suffered a security breach, which resulted in some files and emails sent by the …
Bugs in Windows DNS client open millions of users to attack
In this month’s Patch Tuesday, Microsoft has included fixes for multiple critical memory corruption vulnerabilities in the Windows DNS client, which could be exploited …
Billions of Bluetooth-enabled devices vulnerable to new airborne attacks
Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute …
Password Reset MITM: Exposing the need for better security choices
Attackers that have set up a malicious site can use users’ account registration process to successfully perform a password reset process on a number of popular websites …
Lure10: Exploiting Wi-Fi Sense to MITM wireless Windows devices
Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operating systems now provide …
Over 2.8 million cheap Android smartphones come with preinstalled backdoor
If you’re using a cheap Android smartphone manufactured or sold by BLU, Infinix, Doogee, Leagoo, IKU, Beeline or Xolo, you are likely wide open to Man-in-the-Middle …