Man-In-The-Middle Attacks News, Articles and Updates

StrongPity2 spyware takes over for FinFisher

The cyber-gang behind the now defunct FinFisher man-in-the-middle attacks has switched over to using a new spyware dubbed StrongPity2 and is now using several popular websites to conduct watering hole attacks.

Misconfigured Amazon S3 Buckets allowing man-in-the-middle attacks

Misconfigured Amazon Web Service (AWS) S3 buckets that allow public writes are enabling man-in-the-middle (MITM) attacks on servers containing data from leading news media, retail and well-known cloud services.

Flaw in Windows DNS client exposed millions of users to hacking

Security researchers have advised the patching of a critical vulnerability in the DNS client used in Windows. The flaw could allow hackers to gain access to a target system.

Billions of Bluetooth devices vulnerable to MITM attacks; no user action

Billions of Bluetooth devices, including those running on Android, iOS, Linux, and Windows, contain vulnerabilities that can allow malicious actors to remotely execute code, take over devices, and perform man-in-the-middle (MitM) attacks.

US-CERT warns of MiTM security threats around inline SSL inspection

SSL inspection is much more widespread than previously thought and could help a MiTM attack, leading the US-CERT, part of the DHS in America, to issue a special advisory.

Business travellers putting organisations' cyber-security at risk

Private and corporate data are targets for hackers who are focussing their attention on rushed and stressed business people on the move.

Lenovo urges customers to uninstall dangerously flawed app from its systems

Exploit could lead to man-in-the-middle attack against desktop and laptop systems running the Lenovo Accelerator Application.

Baidu browser found to drip personal data in the clear

The Baidu browser for Android and Windows has been shown by Toronto-based CitizenLab to not only collect the personal information of its users and send it back to the company's servers but do so with weak, or nonexistent, encryption.

ICYMI: New PayPal spam; WEF top risks; Ukraine cyber-attack; OpenSSH vulnerabilities; IoT Doorbell flawed

The latest In Case You Missed It (ICYMI) looks at a new type of PayPal spam, the WEF naming cyber-attacks as one of its top three threats, a major cyber-attack on Ukraine's main airport, OpenSSH being open to MitM attacks, and the IoT doorbell that reveals its owner's Wi-Fi key.

Star Wars BB-8 vulnerable to firmware hacking

Pen-testers manage to access the insecure firmware update process on the Star Wars BB-8.

Drupal install process appears to be dripping

Thanks to a broken update procedure, installations of the Drupal CMS appear to be telling users that they are up-to-date despite still using older software.

Cyber-criminals could launch man-in-the-middle attack on Xbox Live users

Xbox Live keys "inadvertently disclosed"

Internet of malicious things: Yale home automation vulnerable

The Yale Home System (Europe) Android application is vulnerable to a man-in-the-middle attack due to TLS errors.

The Vawtrak Trojan reemerges tougher and sneakier

The Vawtrak bug is back and meaner than ever, say Proofpoint researchers.

Researcher warns of vulnerability in Popcorn Time

Hackers could gain control of a PC using 'Netflix for pirates' through its connection to CloudFlare, which is made over HTTP instead of HTTPS and allows a man-in-the-middle attack.

ICYMI: WordPress XSS flaw, costly breaches & the return of Snooper's Charter

The latest ICYMI column looks at the latest WordPress XSS flaw, costly data breaches and the return of the controversial "Snooper's Charter".

ICYMI: Lenovo MiTM bug, 'hero' Snowden & cyber-insurance trust

This week's In Case You Missed It (ICYMI) column looks at the latest Lenovo flaw, Edward Snowden's standing in the UK, trust in cyber-insurance and a new version of TorrentLocker.

Updated: PC maker Lenovo exposes users to "massive security risk"

World number one PC maker Lenovo has been accused of running a "massive security risk" because flaws in its online product update service allow hackers to download malware onto its users' systems through a man-in-the-middle (MiTM) attack.

Son of Superfish, Lenovo bloatware variants start to surface

There are as many as a dozen variants of the Superfish bloatware found last week on Lenovo laptops, it has been discovered.

Pre-installed Lenovo adware hijacks TLS/SSL encryption

Lenovo's consumer laptops ran pre-installed adware/malware which could be used to intercept and hijack encrypted SSL/TLS web sessions.

Alarm bells ring for Internet of Things after smart TV hack

Two researchers from Columbia University in the US have found that millions of internet-connected TVs could be taken over in a man-in-the-middle attack.

Apple criticised despite fixing iOS 7 and OS X flaws

Apple has been criticised despite correcting various security flaws on iOS 7 and OS X Lion and Mountain, with one such bug allowing hackers to intercept data via an SSL connection in a Man-in-the-Middle (MiTM) attack.

WhatsApp flaw leaves users open to spying

Global messaging service WhatsApp, now part of Facebook, has owned up to a security flaw which leaves it open to man-in-the-middle (MiTM) attacks.

DigiNotar hack details revealed by Dutch government

Details of the hack that led to man-in-the-middle attacks on hundreds of thousands of Iranians' Google accounts and ultimately the liquidation of certificate authority DigiNotar have been released by the Dutch government.