Identity theft in 1915 | Kaspersky official blog
Credit to Author: Roman Dedenok| Date: Mon, 17 Jul 2023 13:29:00 +0000
Identity theft in the 1915 movie serial Les Vampires: MitM, bypassing 2FA, social engineering
Read MoreComputer Security Articles
RSS Reader for Computer Security Articles
MITM
Unfixed vulnerability in popular library puts IoT products at risk
Credit to Author: Pieter Arntz| Date: Wed, 04 May 2022 16:13:27 +0000
Researchers have disclosed an unpatched vulnerability in the popular uClibc library that could allow attackers to use DNS poisoning.
The post Unfixed vulnerability in popular library puts IoT products at risk appeared first on Malwarebytes Labs.
Read MoreLittle Red Riding Hood and the Wolf-in-the-Middle
Credit to Author: Nikolay Pankov| Date: Wed, 18 Sep 2019 15:37:19 +0000
Folk tales are a fount of wisdom, but not many would use them to teach children the basics of information security. Well, you could!
Read MoreBluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks
Credit to Author: Jovi Umawing| Date: Wed, 21 Aug 2019 15:56:45 +0000
 | |
| Researchers called it KNOB, a clever attack against the firmware of a Bluetooth chip that can allow hackers to successfully hijack paired devices and steal their sensitive data. Are users at risk? Categories: Tags: AppleblackberrybluetoothCiscoCVE-2019-9506iOSKey Negotiation of BluetoothKNOB attackmacOSman-in-the-middle attackmicrosoftmitmret hatwatchoswindows |
The post Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks appeared first on Malwarebytes Labs.
Read MoreVulnerabilities in financial mobile apps put consumers and businesses at risk
Credit to Author: Jovi Umawing| Date: Wed, 08 May 2019 16:30:00 +0000
 | |
| It’s good to know that your bank’s website boasts that little green padlock, promotes secure communication, and follows a two-factor authentication (2FA) scheme. But are their mobile apps equally secure? Categories: Tags: app vulnerabilitiesclient-side injectiondevelopment hygieneexposure of database parameters and sql queriesfinancialfinancial mobile app flawsimplicit trust of all certificatesinsecure data storageinsecure random number generatorlack of binary protectionsman-in-the-middleman-int-the-middlemitmprivate key exposuresecure app developmentsecurity hubrisSQL injectionunintended data leakagevulnerabilitiesweak encryption |
The post Vulnerabilities in financial mobile apps put consumers and businesses at risk appeared first on Malwarebytes Labs.
Read MoreOf hoodies and headphones: a spotlight on risks surrounding audio output devices
Credit to Author: Jovi Umawing| Date: Mon, 22 Apr 2019 18:15:34 +0000
 | |
| For years, researchers have been poking holes in our audio output devices in the name of security and privacy. They’ve found many ways our headphones can be hacked or otherwise compromised. Learn what they discovered, and how you can secure your own. Categories: Tags: ahaamerican heart associationaudio output deviceaudio output device securityben gurion universitybluebornebluetooth eavesdroppingheadphone risksheadphones and hoodiesman-in-the-middle attackmitmmultiplexed wired attack surfaceSennheiserSPEAKE(a)RSPEAKE(a)R malware |
The post Of hoodies and headphones: a spotlight on risks surrounding audio output devices appeared first on Malwarebytes Labs.
Read MoreMac malware intercepts encrypted web traffic for ad injection
Credit to Author: Thomas Reed| Date: Wed, 24 Oct 2018 15:00:43 +0000
 | |
| New Mac malware has been found that intercepts encrypted traffic for the purpose of injecting ads into web pages. But could this adware be used for more devious purposes in the future? Categories: Tags: adwaremacMac adwaremacOSmalwaremitm |
The post Mac malware intercepts encrypted web traffic for ad injection appeared first on Malwarebytes Labs.
Read MoreMitM and DoS attacks on domains through the use of residual certificates
Credit to Author: Alex Drozhzhin| Date: Wed, 29 Aug 2018 15:43:09 +0000
Due to certification centers specifics, it is not rare for other people to hold a valid HTTPS certificate for your domain. What can go wrong?
Read More